Cannot Open IE or Firefox
jdwilson
2009-09-18, 06:27
I'm yet another person that needs help from the awesome volunteers on this site. I cannot open IE or Firefox. Iexplorer or Firefox briefly appears under processes in Windows Task Manager, then disappears. I've run everything under the sun, which I didn't realize would make this more difficult. Sorry. I've run Norton, Malwarebytes Anti-Malware, SUPERAntiSpyware Pro, Spybot S&D, AdAware, and Spyware Doctor. I cleaned up a few infections, but the only program that is currently finding an infection is Spyware Doctor (free version). It found Adware.WebSearch_Toolbar. If you need to know the Registry Values and Registry Key, I can try to provide them.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:06 AM, on 9/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Documents and Settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SystemGuardAlerter] SystemGuardAlerter.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZUfox000
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8134B58A-B993-440A-927C-CF9E8EF4218C}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: JGYY - Intel Corporation - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QGOYMU - Sonic Solutions - (no file)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TGDLKYLWY - Sonic Solutions - (no file)
O23 - Service: TGKPULR - Sonic Solutions - (no file)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 15882 bytes
Hello and welcome to Safer Networking.
My name is km2357 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
If for any reason you do not understand an instruction or are just unsure, then please do not guess; simply post back with your questions/concerns and we will go through it again.
Please do not start another thread or topic; I will assist you in this thread until we solve your problems.
Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.
Sorry for the delay in replying; the forum is very busy. If you still need help, please post a fresh HijackThis log.
jdwilson
2009-09-23, 07:41
km2357, thanks for the reply and being willing to help. I know we'll be able to solve this, although it may prove difficult.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:46 PM, on 9/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\iolo\System Mechanic 6\SMTrayNotify.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SystemGuardAlerter] SystemGuardAlerter.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-3708708085-3769670030-921028653-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'MCX1')
O4 - HKUS\S-1-5-21-3708708085-3769670030-921028653-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'MCX1')
O4 - HKUS\S-1-5-21-3708708085-3769670030-921028653-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'MCX2')
O4 - HKUS\S-1-5-21-3708708085-3769670030-921028653-1010\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Dana')
O4 - HKUS\S-1-5-21-3708708085-3769670030-921028653-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZUfox000
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8134B58A-B993-440A-927C-CF9E8EF4218C}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: JGYY - Intel Corporation - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QGOYMU - Sonic Solutions - (no file)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TGDLKYLWY - Sonic Solutions - (no file)
O23 - Service: TGKPULR - Sonic Solutions - (no file)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 15787 bytes
If you still can't run either IE or Firefox, you'll need to use a USB/Flash drive and a clean computer to download and transfer files/logs back and forth. :)
Step # 1: Download and Run DDS
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Step # 2: Download and Run Gmer
Please download gmer.zip (http://www.gmer.net/gmer.zip) from Gmer and save it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL for whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error, etc.!
Please post the results from the GMER scan in your reply.
In your next post/reply, I need to see the following:
1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log
jdwilson
2009-09-24, 07:28
DDS log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by John at 18:03:23.54 on Wed 09/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.814 [GMT -5:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\iolo\System Mechanic 6\SMTrayNotify.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\All Users\Documents\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SMSystemAnalyzer] "c:\program files\iolo\system mechanic 6\SMSystemAnalyzer.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SansaDispatch] c:\documents and settings\john\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SystemGuardAlerter] SystemGuardAlerter.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\john\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: &Search - ?p=ZUfox000
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
TCP: {8134B58A-B993-440A-927C-CF9E8EF4218C} = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages =
================= FIREFOX ===================
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-15 206256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-19 2189240]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-14 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090918.003\NAVENG.SYS [2009-9-18 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090918.003\NAVEX15.SYS [2009-9-18 1323568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2005-9-6 375424]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10820.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10820.sys [?]
S3 JGYY;JGYY; [x]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-11-29 33808]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2007-12-29 9472]
S3 QGOYMU;QGOYMU; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-15 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-15 1097096]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 TGDLKYLWY;TGDLKYLWY; [x]
S3 TGKPULR;TGKPULR; [x]
S4 vsdatant;vsdatant;a --> a [?]
============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2009-09-17 06:36 <DIR> --d----- c:\program files\Trend Micro
2009-09-17 00:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-17 00:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-17 00:56 <DIR> --d----- c:\docume~1\john\applic~1\SUPERAntiSpyware.com
2009-09-17 00:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-15 23:15 <DIR> --d----- C:\VundoFix Backups
2009-09-15 22:23 <DIR> --d----- c:\docume~1\john\applic~1\Malwarebytes
2009-09-15 22:23 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-15 22:23 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-15 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-15 22:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 07:01 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-15 07:01 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-15 07:01 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-15 07:01 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-15 07:00 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-15 07:00 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-15 07:00 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-15 07:00 <DIR> --d----- c:\docume~1\john\applic~1\PC Tools
2009-09-15 07:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-15 00:23 <DIR> --d-h--- c:\windows\$hf_mig$
2009-09-15 00:19 <DIR> -cd-h--- c:\windows\ie8
2009-09-15 00:15 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-09-14 22:07 <DIR> --d----- c:\program files\common files\Windows Live
2009-09-14 20:10 <DIR> --dsh--- c:\documents and settings\john\IECompatCache
2009-09-14 09:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-14 09:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-08 20:04 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-06 08:58 <DIR> --d----- c:\docume~1\john\applic~1\Verizon Wireless
2009-09-06 08:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Verizon Wireless
2009-09-06 08:56 <DIR> --d----- c:\program files\Research In Motion
2009-09-06 08:56 <DIR> --d----- c:\program files\common files\Research In Motion
2009-08-30 03:01 <DIR> --d----- c:\windows\ie8updates
2009-08-29 17:36 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-29 17:36 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-29 17:33 <DIR> --dsh--- c:\documents and settings\john\IETldCache
==================== Find3M ====================
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 11:12 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
============= FINISH: 18:04:53.87 ===============
Attach file:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/27/2007 5:41:28 PM
System Uptime: 9/20/2009 12:49:58 PM (78 hours ago)
Motherboard: Dell Inc. | | 0X9238
Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 892/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 88 GiB total, 21.715 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP723: 6/24/2009 7:21:40 AM - System Checkpoint
RP724: 6/25/2009 1:10:21 PM - Unsigned printer driver Adobe PDF Converter installed.
RP725: 6/26/2009 1:50:16 PM - Installed VZAccess Manager for RIM.
RP726: 6/27/2009 10:12:23 PM - System Checkpoint
RP727: 6/29/2009 8:25:21 AM - System Checkpoint
RP728: 6/30/2009 1:35:42 PM - System Checkpoint
RP729: 7/1/2009 1:40:56 PM - System Checkpoint
RP730: 7/3/2009 10:30:13 AM - System Checkpoint
RP731: 7/4/2009 12:05:36 AM - Removed VZAccess Manager for RIM.
RP732: 7/11/2009 3:36:29 PM - System Checkpoint
RP733: 7/12/2009 4:24:10 PM - System Checkpoint
RP734: 7/13/2009 7:03:31 PM - System Checkpoint
RP735: 7/14/2009 11:14:17 PM - System Checkpoint
RP736: 7/15/2009 3:00:28 AM - Software Distribution Service 3.0
RP737: 7/16/2009 3:41:06 AM - System Checkpoint
RP738: 7/22/2009 3:00:28 AM - Software Distribution Service 3.0
RP739: 7/30/2009 3:00:32 AM - Software Distribution Service 3.0
RP740: 7/31/2009 3:00:31 AM - Software Distribution Service 3.0
RP741: 8/2/2009 11:52:50 PM - System Checkpoint
RP742: 8/7/2009 11:30:32 PM - Unsigned printer driver Adobe PDF Converter installed.
RP743: 8/9/2009 8:44:32 AM - System Checkpoint
RP744: 8/13/2009 3:00:31 AM - Software Distribution Service 3.0
RP745: 8/15/2009 9:30:55 AM - Software Distribution Service 3.0
RP746: 8/15/2009 10:06:14 AM - Printer Driver Microsoft XPS Document Writer Installed
RP747: 8/17/2009 3:00:30 AM - Software Distribution Service 3.0
RP748: 8/18/2009 3:10:21 AM - System Checkpoint
RP749: 8/19/2009 4:10:26 AM - System Checkpoint
RP750: 8/20/2009 3:00:18 AM - Software Distribution Service 3.0
RP751: 8/21/2009 3:12:10 AM - System Checkpoint
RP752: 8/22/2009 9:39:52 PM - System Checkpoint
RP753: 8/25/2009 12:31:21 AM - System Checkpoint
RP754: 8/26/2009 3:00:19 AM - Software Distribution Service 3.0
RP755: 8/27/2009 3:35:30 AM - System Checkpoint
RP756: 8/28/2009 4:41:36 AM - System Checkpoint
RP757: 8/29/2009 12:03:19 PM - Software Distribution Service 3.0
RP758: 8/30/2009 3:00:20 AM - Software Distribution Service 3.0
RP759: 8/31/2009 10:58:41 PM - System Checkpoint
RP760: 9/2/2009 3:00:22 AM - Software Distribution Service 3.0
RP761: 9/4/2009 10:45:52 AM - System Checkpoint
RP762: 9/6/2009 8:58:06 AM - Installed VZAccess Manager.
RP763: 9/9/2009 6:26:29 AM - Software Distribution Service 3.0
RP764: 9/13/2009 8:53:17 AM - System Checkpoint
RP765: 9/13/2009 3:53:28 PM - Restore Operation
RP766: 9/13/2009 4:02:33 PM - Restore Operation
RP767: 9/13/2009 4:21:36 PM - Restore Operation
RP768: 9/14/2009 9:52:59 PM - Installed Windows Defender
RP769: 9/14/2009 9:53:58 PM - Installed Windows Defender
RP770: 9/14/2009 9:55:25 PM - Software Distribution Service 3.0
RP771: 9/15/2009 12:21:10 AM - Installed Windows Internet Explorer 8.
RP772: 9/15/2009 12:22:45 AM - Software Distribution Service 3.0
RP773: 9/15/2009 3:00:25 AM - Software Distribution Service 3.0
RP774: 9/17/2009 12:55:59 AM - Installed SUPERAntiSpyware Professional
RP775: 9/17/2009 9:54:23 PM - Software Distribution Service 3.0
RP776: 9/20/2009 1:08:36 PM - System Checkpoint
RP777: 9/22/2009 11:39:32 PM - Software Distribution Service 3.0
==== Installed Programs ======================
Sansa Media Converter
2007 Microsoft Office Suite Service Pack 1 (SP1)
Access Drivers
Adobe Acrobat 9 Pro
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player
AiO_Scan_CDA
AiOSoftwareNPI
ALPS Touch Pad Driver
AOLIcon
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
BlackBerry Desktop Software 4.7
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom Management Programs 2
BufferChm
Conexant D110 MDC V.9x Modem
CustomerResearchQFolder
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell System Restore
DellSupport
Destinations
DeviceManagementQFolder
Digital Line Detect
Dorgem 2.1.0
DVD Decrypter (Remove Only)
DVD Shrink 3.2
eSupportQFolder
F300
F300_Help
Fax_CDA
getPlus(R)_ocx
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iolo technologies' System Mechanic 6
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
LiveUpdate 3.3 (Symantec Corporation)
Macromedia Flash Player
Malwarebytes' Anti-Malware
MarketResearch
mCore
mDrWiFi
Media Center Extender
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Corporation
Microsoft LifeCam
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft XML Parser
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.5.3)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
NewCopy_CDA
Otto
PowerDVD 5.5
ProductContextNPI
QuickSet
QuickTime
Readme
RealPlayer Basic
Registry Mechanic 8.0
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Sansa Updater
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Skype™ 3.8
SolutionCenter
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Spyware Doctor 6.1
Status
SUPERAntiSpyware Professional
Symantec Endpoint Protection
TeamSpeak 2 RC2
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows Internet Explorer 8 (KB973874)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VZAccess Manager
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
==== Event Viewer Messages From Past Week ========
9/23/2009 6:03:27 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
9/20/2009 12:52:09 PM, error: WMPNetworkSvc [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80040154'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
9/20/2009 11:31:32 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/17/2009 9:49:16 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CE32B373. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/17/2009 12:41:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/17/2009 12:32:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/17/2009 12:06:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/16/2009 9:27:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
9/16/2009 9:27:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI Tosrfcom
9/16/2009 9:04:14 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
==== End Of File ===========================
jdwilson
2009-09-24, 07:34
I don't believe GMER found any rootkit activity.
GMER Scan Log part 1:
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-23 23:23:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\uxtdapow.sys
---- System - GMER 1.0.15 ----
SSDT 8A431EF8 ZwAlertResumeThread
SSDT 8A431FD0 ZwAlertThread
SSDT 8A455560 ZwAllocateVirtualMemory
SSDT 8A508E70 ZwConnectPort
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9EACD72]
SSDT 8A59E118 ZwCreateMutant
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9E8D9A6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9E8DB98]
SSDT 8A44B0D8 ZwCreateThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9EAD568]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9EAD820]
SSDT 8A3D0DA0 ZwFreeVirtualMemory
SSDT 8A42B638 ZwImpersonateAnonymousToken
SSDT 8A430B40 ZwImpersonateThread
SSDT 8A44D220 ZwMapViewOfSection
SSDT 8A427920 ZwOpenEvent
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9EABA80]
SSDT 8A58E478 ZwOpenProcessToken
SSDT 8A4047E8 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xBA2CD280]
SSDT SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwQueryDefaultLocale [0xB9D737B0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EADC8A]
SSDT 8A4FD110 ZwResumeThread
SSDT 8A5000B0 ZwSetContextThread
SSDT 8A441210 ZwSetInformationProcess
SSDT 89C35D48 ZwSetInformationThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9EAD036]
SSDT 8A4268D0 ZwSuspendProcess
SSDT 8A43A518 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB0B320B0]
SSDT 8A44C090 ZwTerminateThread
SSDT 8A50A350 ZwUnmapViewOfSection
SSDT 8A3D74C0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2420 80501C58 8 Bytes CALL 692BB516
.text ntkrnlpa.exe!ZwCallbackReturn + 2568 80501DA0 4 Bytes CALL DCDA5DEC
.text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + AFD 8053D631 5 Bytes JMP B9D74BB0 SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation)
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !
.text ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0
.text ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A
.text ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344
.text ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E
.text ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8
.text ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2
.text ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C
.text ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466
.text ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0
.text ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA
.text ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514
.text ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\brss01a.exe[480] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\brss01a.exe[480] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\brss01a.exe[480] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\brss01a.exe[480] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\brss01a.exe[480] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\brss01a.exe[480] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\brss01a.exe[480] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\brss01a.exe[480] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\brss01a.exe[480] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\brss01a.exe[480] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\brss01a.exe[480] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\brss01a.exe[480] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\brss01a.exe[480] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\brss01a.exe[480] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[604] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[604] ADVAPI32.dll!RegSetValueA
jdwilson
2009-09-24, 07:38
GMER Scan Log Part 2:
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1080] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[1080] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[1080] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[1080] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[1080] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[1080] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[1080] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[1080] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[1080] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[1080] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[1080] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[1080] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[1080] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\eHome\ehSched.exe[1080] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\eHome\ehSched.exe[1080] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\eHome\ehSched.exe[1080] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\eHome\ehSched.exe[1080] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\eHome\ehSched.exe[1080] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\eHome\ehSched.exe[1080] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1144] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[1276] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\alg.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[1276] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\alg.exe[1276] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\alg.exe[1276] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\alg.exe[1276] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\alg.exe[1276] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!RegSetValueA
jdwilson
2009-09-24, 07:41
GMER Scan Log Part 3:
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[1420] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1420] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[1420] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[1420] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[1420] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\Explorer.EXE[1420] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1420] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[1420] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1420] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[1512] KERNEL32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\csrss.exe[1512] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[1512] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\csrss.exe[1512] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\csrss.exe[1512] KERNEL32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[1512] KERNEL32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\csrss.exe[1512] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[1512] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[1540] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[1540] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[1540] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\winlogon.exe[1540] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\winlogon.exe[1540] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\winlogon.exe[1540] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\winlogon.exe[1540] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[1540] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
jdwilson
2009-09-24, 07:43
Part 4:
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\All Users\Documents\gmer.exe[2412] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2420] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\ehtray.exe[2420] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\ehtray.exe[2420] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\ehtray.exe[2420] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\ehtray.exe[2420] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\ehtray.exe[2420] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\ehtray.exe[2420] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\ehtray.exe[2420] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\ehtray.exe[2420] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\ehtray.exe[2420] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\ehtray.exe[2420] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\ehtray.exe[2420] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\ehtray.exe[2420] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2420] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\ehome\ehtray.exe[2420] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\ehome\ehtray.exe[2420] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\ehome\ehtray.exe[2420] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\ehome\ehtray.exe[2420] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\ehome\ehtray.exe[2420] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\ehome\ehtray.exe[2420] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\ehome\ehtray.exe[2420] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[2604] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2604] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2604] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2604] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2604] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2604] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2604] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2604] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2604] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2604] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2604] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2604] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[2604] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[2604] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[2628] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2628] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2628] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2628] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2628] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2628] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2628] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2628] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2628] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2628] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2628] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2628] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2628] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[2628] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[2628] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[2628] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[2628] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[2628] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[2628] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[2628] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[2628] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] ADVAPI32.dll!RegSetValueA
jdwilson
2009-09-24, 07:46
Part 5:
.text C:\Program Files\Apoint\Apoint.exe[3080] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3080] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3080] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3080] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3080] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3080] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3080] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3080] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3080] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3080] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3080] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3080] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3080] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Apoint\Apoint.exe[3080] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Apoint\Apoint.exe[3080] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Program Files\Apoint\Apoint.exe[3080] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Apoint\Apoint.exe[3080] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Apoint\Apoint.exe[3080] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Program Files\Apoint\Apoint.exe[3080] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Program Files\Apoint\Apoint.exe[3080] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Program Files\Apoint\Apoint.exe[3080] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3428] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3428] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3428] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3428] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\eHome\ehmsas.exe[3428] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3428] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
jdwilson
2009-09-24, 07:48
Part 6:
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[264] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[292] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[328] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[336] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[464] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\spoolsv.exe[468] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\brss01a.exe[480] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[552] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
jdwilson
2009-09-24, 07:49
Part 7:
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[604] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[604] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[700] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
jdwilson
2009-09-24, 07:51
Part 8:
IAT C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1404] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\Explorer.EXE[1420] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\user32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\user32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\user32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe[1428] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\services.exe[1588] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\lsass.exe[1600] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\user32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\user32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\user32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe[1772] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ c:\windows\system32\rpcss.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1920] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ c:\windows\system32\rpcss.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[1952] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
jdwilson
2009-09-24, 07:53
Part 9:
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1992] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\System32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\System32\svchost.exe[2032] @ c:\windows\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Defender\MSASCui.exe[2080] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Apoint\Apntex.exe[2236] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\HPZipm12.exe[2340] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2380] @ C:\WINDOWS\system32\shell32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\ehome\ehtray.exe[2420] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2604] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\WINDOWS\system32\svchost.exe[2628] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2660] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 5F420000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F290000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F1D0000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\IPHLPAPI.DLL [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Windows Media Player\WMPNetwk.exe[2772] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F1D0000
IAT C:\Program Files\Apoint\Apoint.exe[3080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F310000
IAT C:\Program Files\Apoint\Apoint.exe[3080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] 5F3B0000
IAT C:\Program Files\Apoint\Apoint.exe[3080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F250000
IAT C:\Program Files\Apoint\Apoint.exe[3080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F1D0000
jdwilson
2009-09-24, 07:55
Part 10:
That was a long GMER log. :) I didn't see any signs of Rootkit activity in it. The reason I think it was so big was because of this, from the GMER instructions:
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
Did you remember to make sure the Show All button was unticked? If you didn't, no worries, you don't have to run GMER again (for the foreseeable future). :)
Registry Cleaners
Re. Registry Mechanic 8.0
I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.
http://forums.whatthetech.com/Regcleaner_t42862.html
I recommend that you uninstall Registry Mechanic 8.0 from your computer.
Step # 1: Disable Windows Defender
Windows Defender normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.
- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save
Step # 2: Download and Run ComboFix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
* IMPORTANT!!! Save ComboFix.exe to your Desktop
When finished, it shall produce a log for you. Please include C:\ComboFix.txt and a fresh DDS Log in your next reply.
Use multiple posts if you can't fit everything into one post.
jdwilson
2009-09-25, 07:00
The "show all" button was grayed out, I couldn't check it if I wanted to. All of the boxes were checked by default, however. The Registry Mechanic program was installed along with another program I used in desperation. I uninstalled it. I simply uninstalled Windows Defender as it was also installed as I thought "something's gotta work!!" Below is the ComboFix log, the DDS log will be a separate post.
ComboFix 09-09-23.02 - John 09/24/2009 22:21.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.886 [GMT -5:00]
Running from: c:\documents and settings\All Users\Documents\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
The following files were disabled during the run:
c:\program files\iolo\Common\Lib\sguard.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\11e59f53.msi
c:\windows\Installer\1f59acc7.msi
c:\windows\Installer\2614c87.msp
c:\windows\Installer\2614c89.msp
c:\windows\Installer\34425f.msi
c:\windows\kb913800.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_003403_.tmp.dll
c:\windows\system32\_003404_.tmp.dll
c:\windows\system32\_003405_.tmp.dll
c:\windows\system32\_003406_.tmp.dll
c:\windows\system32\_003413_.tmp.dll
c:\windows\system32\_003414_.tmp.dll
c:\windows\system32\_003415_.tmp.dll
c:\windows\system32\_003416_.tmp.dll
c:\windows\system32\_003418_.tmp.dll
c:\windows\system32\_003419_.tmp.dll
c:\windows\system32\_003422_.tmp.dll
c:\windows\system32\_003423_.tmp.dll
c:\windows\system32\_003425_.tmp.dll
c:\windows\system32\_003426_.tmp.dll
c:\windows\system32\_003427_.tmp.dll
c:\windows\system32\_003429_.tmp.dll
c:\windows\system32\_003430_.tmp.dll
c:\windows\system32\_003431_.tmp.dll
c:\windows\system32\_003432_.tmp.dll
c:\windows\system32\_003433_.tmp.dll
c:\windows\system32\_003437_.tmp.dll
c:\windows\system32\_003438_.tmp.dll
c:\windows\system32\_003440_.tmp.dll
c:\windows\system32\_003442_.tmp.dll
c:\windows\system32\_003443_.tmp.dll
c:\windows\system32\_003445_.tmp.dll
c:\windows\system32\_003446_.tmp.dll
c:\windows\system32\_003447_.tmp.dll
c:\windows\system32\_003448_.tmp.dll
c:\windows\system32\_003449_.tmp.dll
c:\windows\system32\_003452_.tmp.dll
c:\windows\system32\_003453_.tmp.dll
c:\windows\system32\_003454_.tmp.dll
c:\windows\system32\_003455_.tmp.dll
c:\windows\system32\_003456_.tmp.dll
c:\windows\system32\_003461_.tmp.dll
c:\windows\system32\_003463_.tmp.dll
c:\windows\system32\_003464_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.
2009-09-17 11:36 . 2009-09-17 11:36 -------- d-----w- c:\program files\Trend Micro
2009-09-17 05:56 . 2009-09-17 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-17 05:56 . 2009-09-17 05:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-17 05:56 . 2009-09-17 05:56 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com
2009-09-17 05:54 . 2009-09-17 05:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-17 04:20 . 2009-09-17 04:20 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-09-17 04:19 . 2009-09-17 04:19 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-17 02:29 . 2009-09-17 02:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-17 02:27 . 2009-09-17 02:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-09-16 04:15 . 2009-09-16 04:15 -------- d-----w- C:\VundoFix Backups
2009-09-16 03:23 . 2009-09-16 03:23 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2009-09-16 03:23 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 03:23 . 2009-09-16 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 03:23 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-16 03:23 . 2009-09-16 03:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 12:01 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-15 12:01 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-15 12:01 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-15 12:00 . 2009-09-15 12:03 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-15 12:00 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-15 12:00 . 2009-09-20 13:21 -------- d-----w- c:\program files\Spyware Doctor
2009-09-15 12:00 . 2009-09-15 12:00 -------- d-----w- c:\documents and settings\John\Application Data\PC Tools
2009-09-15 12:00 . 2009-09-15 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-15 11:58 . 2009-09-23 22:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-15 05:23 . 2009-09-15 08:00 -------- d--h--w- c:\windows\$hf_mig$
2009-09-15 05:19 . 2009-09-15 05:22 -------- dc-h--w- c:\windows\ie8
2009-09-15 05:15 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-09-15 03:20 . 2009-09-15 03:20 -------- d-----w- c:\documents and settings\Dana\Local Settings\Application Data\Adobe
2009-09-15 03:20 . 2009-09-15 03:20 -------- d-----w- c:\documents and settings\Dana\Application Data\Toshiba
2009-09-15 03:20 . 2009-09-15 03:20 -------- d-----w- c:\documents and settings\Dana\Local Settings\Application Data\Toshiba
2009-09-15 03:20 . 2009-09-15 03:20 77704 ----a-w- c:\documents and settings\Dana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 03:20 . 2009-09-15 03:20 -------- d-----w- c:\documents and settings\Dana\Application Data\GTek
2009-09-15 03:16 . 2009-09-15 03:16 -------- d-----w- c:\documents and settings\Dana\Local Settings\Application Data\Symantec
2009-09-15 03:07 . 2009-09-15 03:07 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-15 01:10 . 2009-09-15 01:10 -------- d-sh--w- c:\documents and settings\John\IECompatCache
2009-09-14 14:47 . 2009-09-20 13:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-14 14:47 . 2009-09-14 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-14 12:39 . 2009-09-17 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-14 00:36 . 2009-09-14 00:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-09 01:04 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-06 20:08 . 2009-09-06 20:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-06 13:58 . 2009-09-06 13:58 -------- d-----w- c:\documents and settings\John\Application Data\Verizon Wireless
2009-09-06 13:58 . 2009-09-06 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
2009-09-06 13:56 . 2009-09-06 13:56 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-09-06 13:56 . 2009-09-06 13:56 -------- d-----w- c:\program files\Research In Motion
2009-08-30 08:01 . 2009-09-15 08:00 -------- d-----w- c:\windows\ie8updates
2009-08-30 00:12 . 2009-08-30 00:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-29 22:36 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-29 22:36 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-29 22:33 . 2009-08-29 22:33 -------- d-sh--w- c:\documents and settings\John\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 11:37 . 2009-02-21 21:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 11:31 . 2007-06-28 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-17 14:08 . 2007-06-27 23:01 77704 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 11:58 . 2009-09-15 12:01 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-10 21:16 . 2007-09-06 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-05 09:01 . 2004-08-19 20:49 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-19 20:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-19 20:50 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-19 20:49 915456 ----a-w- c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"="c:\program files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 557056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SansaDispatch"="c:\documents and settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-14 79872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\documents and settings\John\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-1-14 479232]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/15/2009 7:01 AM 206256]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/14/2009 7:03 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [9/6/2005 6:59 PM 375424]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 1:55 PM 23888]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10820.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10820.sys [?]
S3 JGYY;JGYY; [x]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/29/2008 12:52 AM 33808]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [12/29/2007 1:09 PM 9472]
S3 QGOYMU;QGOYMU; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/15/2009 7:00 AM 348752]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
S3 TGDLKYLWY;TGDLKYLWY; [x]
S3 TGKPULR;TGKPULR; [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2008-11-29 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2008-08-04 22:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZUfox000
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {8134B58A-B993-440A-927C-CF9E8EF4218C} = 192.168.1.1
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SystemGuardAlerter - SystemGuardAlerter.exe
Notify-dimsntfy - (no file)
SafeBoot-Symantec Antvirus
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 22:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1956)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\John\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'lsass.exe'(2012)
c:\program files\iolo\Common\Lib\sguard.dll
- - - - - - - > 'explorer.exe'(6016)
c:\windows\system32\WININET.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'csrss.exe'(1928)
c:\program files\iolo\Common\Lib\sguard.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\dllhost.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\iolo\System Mechanic 6\SystemGuardAlerter.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\msiexec.exe
c:\program files\Apoint\ApntEx.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Completion time: 2009-09-25 22:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-25 03:47
Pre-Run: 23,235,293,184 bytes free
Post-Run: 23,110,082,560 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
344 --- E O F --- 2009-09-23 04:39
jdwilson
2009-09-25, 07:01
I didn't say it in the first post, but I appreciate your willingness to help.
DDS (Ver_09-07-30.01) - NTFSx86
Run by John at 22:51:08.23 on Thu 09/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1129 [GMT -5:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\All Users\Documents\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
uRun: [SMSystemAnalyzer] "c:\program files\iolo\system mechanic 6\SMSystemAnalyzer.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SansaDispatch] c:\documents and settings\john\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\john\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: &Search - ?p=ZUfox000
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
TCP: {8134B58A-B993-440A-927C-CF9E8EF4218C} = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-15 206256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-19 2189240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-14 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090918.003\NAVENG.SYS [2009-9-18 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090918.003\NAVEX15.SYS [2009-9-18 1323568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2005-9-6 375424]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10820.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10820.sys [?]
S3 JGYY;JGYY; [x]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-11-29 33808]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2007-12-29 9472]
S3 QGOYMU;QGOYMU; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-15 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-15 1097096]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 TGDLKYLWY;TGDLKYLWY; [x]
S3 TGKPULR;TGKPULR; [x]
S4 vsdatant;vsdatant;a --> a [?]
============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2009-09-24 22:18 <DIR> a-dshr-- C:\cmdcons
2009-09-24 22:13 229,888 a------- c:\windows\PEV.exe
2009-09-24 22:13 161,792 a------- c:\windows\SWREG.exe
2009-09-24 22:13 98,816 a------- c:\windows\sed.exe
2009-09-17 06:36 <DIR> --d----- c:\program files\Trend Micro
2009-09-17 00:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-17 00:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-17 00:56 <DIR> --d----- c:\docume~1\john\applic~1\SUPERAntiSpyware.com
2009-09-17 00:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-15 23:15 <DIR> --d----- C:\VundoFix Backups
2009-09-15 22:23 <DIR> --d----- c:\docume~1\john\applic~1\Malwarebytes
2009-09-15 22:23 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-15 22:23 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-15 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-15 22:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 07:01 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-15 07:01 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-15 07:01 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-15 07:01 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-15 07:00 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-15 07:00 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-15 07:00 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-15 07:00 <DIR> --d----- c:\docume~1\john\applic~1\PC Tools
2009-09-15 07:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-15 00:23 <DIR> --d-h--- c:\windows\$hf_mig$
2009-09-15 00:19 <DIR> -cd-h--- c:\windows\ie8
2009-09-15 00:15 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-09-14 22:07 <DIR> --d----- c:\program files\common files\Windows Live
2009-09-14 20:10 <DIR> --dsh--- c:\documents and settings\john\IECompatCache
2009-09-14 09:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-14 09:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-08 20:04 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-06 08:58 <DIR> --d----- c:\docume~1\john\applic~1\Verizon Wireless
2009-09-06 08:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Verizon Wireless
2009-09-06 08:56 <DIR> --d----- c:\program files\Research In Motion
2009-09-06 08:56 <DIR> --d----- c:\program files\common files\Research In Motion
2009-08-30 03:01 <DIR> --d----- c:\windows\ie8updates
2009-08-29 17:36 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-29 17:36 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-29 17:33 <DIR> --dsh--- c:\documents and settings\john\IETldCache
==================== Find3M ====================
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 11:12 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
============= FINISH: 22:55:11.53 ===============
Step # 1: Download and run SREng
Download SREng (http://www.kztechs.com/sreng/sreng2.zip)
Extract it to Desktop and double click SREngLdr.EXE to run it
Select System Repair from the left pane.
Click on File Association
Select all entries that have an Error status, then click [Repair]
Refer to this image for an example:
http://img.photobucket.com/albums/v666/sUBs/SystemRepair_FileAssocs.gif
Close SREng now.
Step # 2: Run CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
KILLALL::
Driver::
JGYY
QGOYMU
TGDLKYLWY
TGKPULR
Folder::
C:\VundoFix Backups
DDS::
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
IE: &Search - ?p=ZUfox000
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Note: This CFScript is for use on jdwilson's computer only! Do not use it on your computer.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
In your next post/reply, I need to see the following:
1. The ComboFix Log that appears after Step 2 has been completed.
2. A fresh DDS Log taken after Step 2 has been completed.
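An added example (not part of the original post, and not how DDS or ComboFix work internally): a small Python triage pass over DDS-style lines that flags the kinds of entries the CFScript above lists, namely services with no image path (`[x]`), toolbars marked `No File`, and IE menu entries whose target is not a local file. The sample lines are copied from the DDS log in this thread; the regexes, the category names and the handling of `[?]` as review-only are assumptions of this example. It only reports findings and does not generate a CFScript.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str    # "service", "tb", "bho" or "ie-menu"
    name: str    # service name, CLSID text, or menu caption
    reason: str  # category label (this example's own names, not DDS terms)


# "S3 JGYY;JGYY; [x]" -> state, start type, name, display name, image path, marker
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<mark>[^\]]*)\]\s*$"
)
ADDON_RE = re.compile(r"^(?P<tag>TB|BHO): (?P<ident>.+) - No File$")
IE_RE = re.compile(r"^IE: (?P<body>.+)$")
LOCAL_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)

# Lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
IE: &Search - ?p=ZUfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-15 206256]
S3 JGYY;JGYY; [x]
S3 QGOYMU;QGOYMU; [x]
S3 TGDLKYLWY;TGDLKYLWY; [x]
S3 TGKPULR;TGKPULR; [x]
S4 vsdatant;vsdatant;a --> a [?]
"""


def triage(log_text: str) -> List[Finding]:
    """Return entries whose target is missing or cannot be tied to a local file."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = SERVICE_RE.match(line)
        if m:
            if m["mark"] == "x" and not m["image"]:
                # Registered service or driver with no image path at all.
                findings.append(Finding("service", m["name"], "no-image-path"))
            elif m["mark"] == "?":
                # Assumption: "[?]" is treated as "needs manual review" only.
                findings.append(Finding("service", m["name"], "unverified-path"))
            continue

        m = ADDON_RE.match(line)
        if m:
            # Toolbar/BHO registration that points at nothing on disk.
            findings.append(Finding(m["tag"].lower(), m["ident"], "no-file"))
            continue

        m = IE_RE.match(line)
        if m:
            caption, _, target = m["body"].rpartition(" - ")
            if not LOCAL_PATH_RE.match(target):
                # Menu extension whose handler is not a local file path.
                findings.append(Finding("ie-menu", caption or target, "non-file-target"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.reason:16} {f.kind:8} {f.name}")
```

Every finding is a candidate for a human reviewer, not a removal list; entries flagged `unverified-path` in particular may belong to legitimate software.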
jdwilson
2009-09-26, 06:38
New ComboFix Log:
ComboFix 09-09-23.02 - John 09/25/2009 21:54.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1030 [GMT -5:00]
Running from: c:\documents and settings\All Users\Documents\ComboFix.exe
Command switches used :: c:\documents and settings\All Users\Documents\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
The following files were disabled during the run:
c:\program files\iolo\Common\Lib\sguard.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_JGYY
-------\Legacy_QGOYMU
-------\Legacy_TGDLKYLWY
-------\Legacy_TGKPULR
-------\Service_JGYY
-------\Service_QGOYMU
-------\Service_TGDLKYLWY
-------\Service_TGKPULR
((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
.
2009-09-17 11:36 . 2009-09-17 11:36 -------- d-----w- c:\program files\Trend Micro
2009-09-17 05:56 . 2009-09-17 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-17 05:56 . 2009-09-17 05:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-17 05:56 . 2009-09-17 05:56 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com
2009-09-17 05:54 . 2009-09-17 05:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-17 04:20 . 2009-09-17 04:20 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-09-17 04:19 . 2009-09-17 04:19 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-17 02:29 . 2009-09-17 02:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-17 02:27 . 2009-09-17 02:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-09-16 03:23 . 2009-09-16 03:23 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2009-09-16 03:23 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 03:23 . 2009-09-16 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 03:23 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-16 03:23 . 2009-09-16 03:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 12:01 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-15 12:01 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-15 12:01 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-15 12:00 . 2009-09-15 12:03 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-15 12:00 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-15 12:00 . 2009-09-20 13:21 -------- d-----w- c:\program files\Spyware Doctor
2009-09-15 12:00 . 2009-09-15 12:00 -------- d-----w- c:\documents and settings\John\Application Data\PC Tools
2009-09-15 12:00 . 2009-09-15 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-15 11:58 . 2009-09-23 22:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-15 05:23 . 2009-09-15 08:00 -------- d--h--w- c:\windows\$hf_mig$
2009-09-15 05:19 . 2009-09-15 05:22 -------- dc-h--w- c:\windows\ie8
2009-09-15 05:15 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-09-15 03:20 . 2009-09-15 03:20 -------- d-----w- c:\documents and settings\Dana\Local Settings\Application Data\Adobe
2009-09-15 03:20 . 2009-09-15 03:20 -------- d-----w- c:\documents and settings\Dana\Application Data\Toshiba
2009-09-15 03:20 . 2009-09-15 03:20 -------- d-----w- c:\documents and settings\Dana\Local Settings\Application Data\Toshiba
2009-09-15 03:20 . 2009-09-15 03:20 77704 ----a-w- c:\documents and settings\Dana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 03:20 . 2009-09-15 03:20 -------- d-----w- c:\documents and settings\Dana\Application Data\GTek
2009-09-15 03:16 . 2009-09-15 03:16 -------- d-----w- c:\documents and settings\Dana\Local Settings\Application Data\Symantec
2009-09-15 03:07 . 2009-09-15 03:07 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-15 01:10 . 2009-09-15 01:10 -------- d-sh--w- c:\documents and settings\John\IECompatCache
2009-09-14 14:47 . 2009-09-20 13:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-14 14:47 . 2009-09-14 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-14 12:39 . 2009-09-17 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-14 00:36 . 2009-09-14 00:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-09 01:04 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-06 20:08 . 2009-09-06 20:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-06 13:58 . 2009-09-06 13:58 -------- d-----w- c:\documents and settings\John\Application Data\Verizon Wireless
2009-09-06 13:58 . 2009-09-06 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
2009-09-06 13:56 . 2009-09-06 13:56 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-09-06 13:56 . 2009-09-06 13:56 -------- d-----w- c:\program files\Research In Motion
2009-08-30 08:01 . 2009-09-15 08:00 -------- d-----w- c:\windows\ie8updates
2009-08-30 00:12 . 2009-08-30 00:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-29 22:36 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-29 22:36 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-29 22:33 . 2009-08-29 22:33 -------- d-sh--w- c:\documents and settings\John\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 11:37 . 2009-02-21 21:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 11:31 . 2007-06-28 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-17 14:08 . 2007-06-27 23:01 77704 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 11:58 . 2009-09-15 12:01 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-10 21:16 . 2007-09-06 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-05 09:01 . 2004-08-19 20:49 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-19 20:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-19 20:50 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-19 20:49 915456 ------w- c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-25_03.34.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-26 02:54 . 2009-09-26 02:54 16384 c:\windows\Temp\Perflib_Perfdata_db4.dat
+ 2009-09-26 03:08 . 2009-09-26 03:08 16384 c:\windows\Temp\Perflib_Perfdata_9a8.dat
+ 2009-08-30 00:12 . 2009-09-26 01:58 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-08-30 00:12 . 2009-09-25 02:33 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"="c:\program files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 557056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SansaDispatch"="c:\documents and settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-14 79872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\documents and settings\John\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-1-14 479232]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/15/2009 7:01 AM 206256]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/14/2009 7:03 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [9/6/2005 6:59 PM 375424]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 1:55 PM 23888]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10820.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10820.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/29/2008 12:52 AM 33808]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [12/29/2007 1:09 PM 9472]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/15/2009 7:00 AM 348752]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2008-11-29 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2008-08-04 22:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {8134B58A-B993-440A-927C-CF9E8EF4218C} = 192.168.1.1
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-25 22:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1960)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\John\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'lsass.exe'(2028)
c:\program files\iolo\Common\Lib\sguard.dll
- - - - - - - > 'explorer.exe'(4976)
c:\windows\system32\WININET.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'csrss.exe'(1928)
c:\program files\iolo\Common\Lib\sguard.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\iolo\System Mechanic 6\IoloSGCtrl.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\msiexec.exe
c:\program files\Apoint\ApntEx.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\iolo\SYSTEM~1\SysMech6.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Completion time: 2009-09-26 22:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-26 03:26
ComboFix2.txt 2009-09-25 03:48
Pre-Run: 23,078,760,448 bytes free
Post-Run: 23,128,965,120 bytes free
298 --- E O F --- 2009-09-23 04:39
jdwilson
2009-09-26, 06:39
New DDS Log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by John at 22:31:57.61 on Fri 09/25/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1150 [GMT -5:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\All Users\Documents\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SMSystemAnalyzer] "c:\program files\iolo\system mechanic 6\SMSystemAnalyzer.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SansaDispatch] c:\documents and settings\john\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\john\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
TCP: {8134B58A-B993-440A-927C-CF9E8EF4218C} = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-15 206256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-19 2189240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-14 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090925.020\NAVENG.SYS [2009-9-25 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090925.020\NAVEX15.SYS [2009-9-25 1323568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2005-9-6 375424]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10820.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10820.sys [?]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-11-29 33808]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2007-12-29 9472]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-15 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-15 1097096]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S4 vsdatant;vsdatant;a --> a [?]
============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2009-09-24 22:18 <DIR> a-dshr-- C:\cmdcons
2009-09-24 22:13 229,888 a------- c:\windows\PEV.exe
2009-09-24 22:13 161,792 a------- c:\windows\SWREG.exe
2009-09-24 22:13 98,816 a------- c:\windows\sed.exe
2009-09-17 06:36 <DIR> --d----- c:\program files\Trend Micro
2009-09-17 00:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-17 00:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-17 00:56 <DIR> --d----- c:\docume~1\john\applic~1\SUPERAntiSpyware.com
2009-09-17 00:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-15 22:23 <DIR> --d----- c:\docume~1\john\applic~1\Malwarebytes
2009-09-15 22:23 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-15 22:23 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-15 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-15 22:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 07:01 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-15 07:01 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-15 07:01 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-15 07:01 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-15 07:00 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-15 07:00 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-15 07:00 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-15 07:00 <DIR> --d----- c:\docume~1\john\applic~1\PC Tools
2009-09-15 07:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-15 00:23 <DIR> --d-h--- c:\windows\$hf_mig$
2009-09-15 00:19 <DIR> -cd-h--- c:\windows\ie8
2009-09-15 00:15 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-09-14 22:07 <DIR> --d----- c:\program files\common files\Windows Live
2009-09-14 20:10 <DIR> --dsh--- c:\documents and settings\john\IECompatCache
2009-09-14 09:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-14 09:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-08 20:04 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-06 08:58 <DIR> --d----- c:\docume~1\john\applic~1\Verizon Wireless
2009-09-06 08:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Verizon Wireless
2009-09-06 08:56 <DIR> --d----- c:\program files\Research In Motion
2009-09-06 08:56 <DIR> --d----- c:\program files\common files\Research In Motion
2009-08-30 03:01 <DIR> --d----- c:\windows\ie8updates
2009-08-29 17:36 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-29 17:36 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-29 17:33 <DIR> --dsh--- c:\documents and settings\john\IETldCache
==================== Find3M ====================
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 11:12 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
============= FINISH: 22:35:45.08 ===============
jdwilson
2009-09-26, 06:46
For some reason, the new DDS log post is showing after clicking "Post Reply" but not when I view the thread... Anyway, I'm posting it again.
DDS (Ver_09-07-30.01) - NTFSx86
Run by John at 22:31:57.61 on Fri 09/25/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1150 [GMT -5:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\All Users\Documents\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SMSystemAnalyzer] "c:\program files\iolo\system mechanic 6\SMSystemAnalyzer.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SansaDispatch] c:\documents and settings\john\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\john\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
TCP: {8134B58A-B993-440A-927C-CF9E8EF4218C} = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-15 206256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-19 2189240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-14 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090925.020\NAVENG.SYS [2009-9-25 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090925.020\NAVEX15.SYS [2009-9-25 1323568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2005-9-6 375424]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10820.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10820.sys [?]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-11-29 33808]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2007-12-29 9472]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-15 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-15 1097096]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S4 vsdatant;vsdatant;a --> a [?]
============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2009-09-24 22:18 <DIR> a-dshr-- C:\cmdcons
2009-09-24 22:13 229,888 a------- c:\windows\PEV.exe
2009-09-24 22:13 161,792 a------- c:\windows\SWREG.exe
2009-09-24 22:13 98,816 a------- c:\windows\sed.exe
2009-09-17 06:36 <DIR> --d----- c:\program files\Trend Micro
2009-09-17 00:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-17 00:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-17 00:56 <DIR> --d----- c:\docume~1\john\applic~1\SUPERAntiSpyware.com
2009-09-17 00:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-15 22:23 <DIR> --d----- c:\docume~1\john\applic~1\Malwarebytes
2009-09-15 22:23 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-15 22:23 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-15 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-15 22:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 07:01 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-15 07:01 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-15 07:01 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-15 07:01 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-15 07:00 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-15 07:00 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-15 07:00 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-15 07:00 <DIR> --d----- c:\docume~1\john\applic~1\PC Tools
2009-09-15 07:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-15 00:23 <DIR> --d-h--- c:\windows\$hf_mig$
2009-09-15 00:19 <DIR> -cd-h--- c:\windows\ie8
2009-09-15 00:15 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-09-14 22:07 <DIR> --d----- c:\program files\common files\Windows Live
2009-09-14 20:10 <DIR> --dsh--- c:\documents and settings\john\IECompatCache
2009-09-14 09:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-14 09:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-08 20:04 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-06 08:58 <DIR> --d----- c:\docume~1\john\applic~1\Verizon Wireless
2009-09-06 08:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Verizon Wireless
2009-09-06 08:56 <DIR> --d----- c:\program files\Research In Motion
2009-09-06 08:56 <DIR> --d----- c:\program files\common files\Research In Motion
2009-08-30 03:01 <DIR> --d----- c:\windows\ie8updates
2009-08-29 17:36 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-29 17:36 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-29 17:33 <DIR> --dsh--- c:\documents and settings\john\IETldCache
==================== Find3M ====================
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 11:12 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
============= FINISH: 22:35:45.08 ===============
Step # 1: Update Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u16 (http://www.java.com/en/download/manual.jsp).
Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Remove the following old versions of Java:
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) SE Runtime Environment 6 Update 1
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
From your desktop double-click on the download to install the newest version.
Step # 2: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Step # 3: Run Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware.
Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
Next click the Scanner tab and select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
You can also access the log by doing the following:
Click on the Malwarebytes' Anti-Malware icon to launch the program.
Click on the Logs tab.
Click on the log at the bottom of those listed to highlight it.
Click Open.
Post the MalwareBytes' Log in your next post/reply.
jdwilson
2009-09-26, 23:29
I wish I could believe the mbam log, but I don't feel like I can. It didn't find anything before I started this thread... Another scanner (only scanning, no "fixing") is showing Trojan.Generic and Adware.Websearch_Toolbar. In any case, here's the mbam log:
Malwarebytes' Anti-Malware 1.41
Database version: 2863
Windows 5.1.2600 Service Pack 3
9/26/2009 3:02:04 PM
mbam-log-2009-09-26 (15-02-04).txt
Scan type: Quick Scan
Objects scanned: 136006
Time elapsed: 9 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Another scanner (only scanning, no "fixing") is showing Trojan.Generic and Adware.Websearch_Toolbar.
What is the name of the scanner that is finding Trojan.Generic and Adware.Websearch_Toolbar? And where does it say/what location does it say where those two are located on the computer?
Step # 1: Update Adobe Acrobat Reader
There is a newer version of Adobe Acrobat Reader available. (See Note below)
First, go to Add/Remove Programs and uninstall Adobe Reader 8.1.3.
Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts
Note: Adobe 9.1.3 is a large program and if you prefer a smaller program you can get Foxit 3.1 instead from http://www.foxitsoftware.com/pdf/rd_intro.php
If you decide to install Foxit 3.1 instead of Adobe, do the following during Foxit's Setup/Installation process:
Uncheck the following boxes:
I accept the License Terms and want to install Foxit Toolbar
Make Ask.com my default search
Create desktop, quick launch and start menu icon to eBay
Step # 2: Run Kaspersky Online Scan
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
In your next post/reply, I need to see the following:
1. Kaspersky Log
2. A fresh DDS Log
3. How is your computer doing, any problems?
jdwilson
2009-09-27, 09:05
What is the name of the scanner that is finding Trojan.Generic and Adware.Websearch_Toolbar? And where does it say/what location does it say where those two are located on the computer?
PC Tools Spyware Doctor is finding the infections. It shows Trojan.Generic in Registry Key:
HKEY_USERS\S-1-5-21-3708708085-3769670030-921028653-1005\Software\Wget.
It shows Adware.Websearch_Toolbar under the following Registry Values:
HKEY_USERS\S-1-5-21-3708708085-3769670030-921028653-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\iexplore,Type
HKEY_USERS\S-1-5-21-3708708085-3769670030-921028653-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\iexplore,Count
HKEY_USERS\S-1-5-21-3708708085-3769670030-921028653-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\iexplore,Time
It shows Adware.Websearch_Toolbar under the following Registry Keys:
HKEY_USERS\S-1-5-21-3708708085-3769670030-921028653-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\iexplore
HKEY_USERS\S-1-5-21-3708708085-3769670030-921028653-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
Step 1 - I have Adobe Acrobat Pro 9.1.3, so I just uninstalled Reader...
Step 2 - I still can't open IE or Firefox, so I can't run Kaspersky.
Here's a fresh DDS log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by John at 0:54:13.97 on Sun 09/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.746 [GMT -5:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\All Users\Documents\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SMSystemAnalyzer] "c:\program files\iolo\system mechanic 6\SMSystemAnalyzer.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SansaDispatch] c:\documents and settings\john\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\john\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
TCP: {8134B58A-B993-440A-927C-CF9E8EF4218C} = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-15 206256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-15 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-15 1097096]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-19 2189240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-14 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090926.019\NAVENG.SYS [2009-9-26 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090926.019\NAVEX15.SYS [2009-9-26 1323568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2005-9-6 375424]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10820.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10820.sys [?]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-11-29 33808]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2007-12-29 9472]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S4 vsdatant;vsdatant;a --> a [?]
============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2009-09-26 14:43 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-26 14:43 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-24 22:18 <DIR> a-dshr-- C:\cmdcons
2009-09-24 22:13 229,888 a------- c:\windows\PEV.exe
2009-09-24 22:13 161,792 a------- c:\windows\SWREG.exe
2009-09-24 22:13 98,816 a------- c:\windows\sed.exe
2009-09-17 06:36 <DIR> --d----- c:\program files\Trend Micro
2009-09-17 00:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-17 00:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-17 00:56 <DIR> --d----- c:\docume~1\john\applic~1\SUPERAntiSpyware.com
2009-09-17 00:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-15 22:23 <DIR> --d----- c:\docume~1\john\applic~1\Malwarebytes
2009-09-15 22:23 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-15 22:23 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-15 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-15 22:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 07:01 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-15 07:01 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-15 07:01 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-15 07:01 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-15 07:00 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-15 07:00 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-15 07:00 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-15 07:00 <DIR> --d----- c:\docume~1\john\applic~1\PC Tools
2009-09-15 07:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-15 00:23 <DIR> --d-h--- c:\windows\$hf_mig$
2009-09-15 00:19 <DIR> -cd-h--- c:\windows\ie8
2009-09-15 00:15 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-09-14 22:07 <DIR> --d----- c:\program files\common files\Windows Live
2009-09-14 20:10 <DIR> --dsh--- c:\documents and settings\john\IECompatCache
2009-09-14 09:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-14 09:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-08 20:04 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-06 08:58 <DIR> --d----- c:\docume~1\john\applic~1\Verizon Wireless
2009-09-06 08:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Verizon Wireless
2009-09-06 08:56 <DIR> --d----- c:\program files\Research In Motion
2009-09-06 08:56 <DIR> --d----- c:\program files\common files\Research In Motion
2009-08-30 03:01 <DIR> --d----- c:\windows\ie8updates
2009-08-29 17:36 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-29 17:36 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-29 17:33 <DIR> --dsh--- c:\documents and settings\john\IETldCache
==================== Find3M ====================
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 11:12 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
============= FINISH: 0:57:37.47 ===============
For the bad registry entries, let's do this:
Step # 1: Download and run ERUNT
You will be downloading ERUNT, a registry backup tool.
For version with the Installer (http://aumha.org/downloads/erunt-setup.exe):
Use the setup program to install ERUNT on your computer
For the zipped version (http://aumha.org/downloads/erunt.zip):
Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.
Note: to restore your registry, go to the folder and start ERDNT.exe
Open Notepad!
Copy and Paste everything from the Quote box into Notepad:
REGEDIT4
[-HKEY_USERS\S-1-5-21-3708708085-3769670030-921028653-1005\Software\Wget]
[-HKEY_USERS\S-1-5-21-3708708085-3769670030-921028653-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]
Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.
Go to File > Save As
Save File name as Fix.reg
Change Save as Type to All Files and save the file to your desktop.
Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK. Reboot the computer.
After your computer has booted back up, rerun Spyware Doctor and let me know if it finds those registry entries again.
Step 2 - I still can't open IE or Firefox, so I can't run Kaspersky.
First, try going into Add/Remove Programs and selecting the entries for IE and Firefox and see if there is the option to either Repair or Reinstall either/both browsers. If they are there, try that and see if you can get either browser working.
If that doesn't work, you can try going on a clean computer and downloading the setup/install files for IE and Firefox, then transfer them over and uninstall and reinstall the browsers that way.
If you can get either browser to work, try running Kaspersky and post the log back. :)
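The Fix.reg rules in the post above (header on the very first line, a blank line at the end, `[-...]` entries that delete whole keys) can be checked before the file is merged. This is an added example, not part of the original thread: the function name `lint_reg`, the minimum-depth rule and the sample keys and SID are assumptions constructed for illustration.

```python
"""Pre-merge review of a regedit fix file (added example, not from the thread)."""
import re

# Header lines regedit recognises; the post above uses the first one.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
HIVES = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
# Assumption for this example: a key delete must sit at least this many
# levels below the hive (below the SID for HKEY_USERS) to pass review.
MIN_DELETE_DEPTH = 2

SECTION = re.compile(r"^\[(-?)(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# Constructed sample in the layout the post describes; placeholder SID/keys.
SAMPLE_OK = (
    "REGEDIT4\n"
    "\n"
    "[-HKEY_USERS\\S-1-5-21-0-0-0-1000\\Software\\ExampleVendor]\n"
    "[-HKEY_USERS\\S-1-5-21-0-0-0-1000\\Software\\Example\\"
    "{00000000-0000-0000-0000-000000000000}]\n"
    "\n"
)


def lint_reg(text):
    """Return what a .reg file would delete or write, plus format errors."""
    report = {"errors": [], "delete_keys": [], "delete_values": [], "writes": []}
    lines = text.replace("\r\n", "\n").split("\n")

    # "NO blank lines before REGEDIT4": the header must be line 1 exactly.
    if lines[0] not in HEADERS:
        report["errors"].append("line 1 must be the header, nothing before it")
    # "one blank line at the end": the last line must be terminated, which
    # Notepad shows as an empty final line.
    if lines[-1] != "":
        report["errors"].append("file must end with a blank line")

    current = None      # key that following value lines belong to
    continued = False   # inside a multi-line hex value ending in "\"
    for number, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if continued:
            continued = line.endswith("\\")
            continue
        if not line or line.startswith(";"):
            continue
        section = SECTION.match(line)
        if section:
            minus, key = section.groups()
            parts = key.split("\\")
            if parts[0] not in HIVES:
                report["errors"].append(f"line {number}: unknown hive {parts[0]!r}")
                current = None
                continue
            if minus:
                depth = len(parts) - 1
                if parts[0] == "HKEY_USERS":
                    depth -= 1  # the SID level is not a meaningful subkey
                if depth < MIN_DELETE_DEPTH:
                    report["errors"].append(
                        f"line {number}: key delete too broad: {key}")
                report["delete_keys"].append(key)
                current = None
            else:
                current = key
            continue
        value = VALUE.match(line)
        if value and current:
            name, data = value.groups()
            continued = data.endswith("\\")
            bucket = "delete_values" if data == "-" else "writes"
            report[bucket].append((current, name))
            continue
        report["errors"].append(
            f"line {number}: not a key or value line: {line[:40]!r}")
    return report


if __name__ == "__main__":
    result = lint_reg(SAMPLE_OK)
    for key in result["delete_keys"]:
        print("will delete key and all subkeys:", key)
    print("errors:", result["errors"] or "none")
```

Reading the `delete_keys` list before double-clicking the file shows exactly which keys the merge will remove, and the ERUNT backup from Step 1 remains the way back if a delete turns out to be wrong.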
jdwilson
2009-09-29, 05:10
I ran your Fix.reg file and Spyware Doctor came up clean!!
I uninstalled IE8 and Firefox, then restarted the computer. IE7 was on my desktop when it rebooted, so I double clicked it. IT WORKED!!
I ran Kaspersky and it was 100% clean!!
And to top it off, my brand new custom laptop just arrived today!! Double exclamation marks for everyone!!
What else do I need to do other than thank you?
Great to hear that everything is working again. :)
If there are no more problems, then you are good to go.
You can delete the following off of your computer:
DDS.scr
The two DDS Logs
GMER.zip
GMER.exe
The GMER Log
sreng2.zip
SREngLdr.EXE
fix.reg
To remove ComboFix, do the following:
Go to Start > Run - type in ComboFix /u & click OK
Empty your Recycle Bin.
Please take the time to read my All Clean Post.
Please follow these simple steps in order to keep your computer clean and secure:
This is a good time to clear your existing system restore points and establish a new clean restore point
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.
Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it asks you if you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Set correct settings for files that should be hidden in Windows XP
Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
If unchecked, please check Hide protected operating system files (Recommended)
If necessary check "Display content of system folders"
If necessary Uncheck Hide file extensions for known file types.
Click OK
Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
Visit Microsoft's Update Site Frequently - It is important that you visit Microsoft Updates (http://update.microsoft.com/) regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
Computer Safety on line Anti Malware (http://forum.malwareremoval.com/viewtopic.php?p=54#54)
Use the hosts file: Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE (http://www.bleepingcomputer.com/forums/tutorial51.html). If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button on the task bar at the bottom of your screen
Click run
In the dialog box, type services.msc
Hit enter, then locate dns client
Highlight it, then double-click it.
On the dropdown box, change the setting from automatic to manual.
Click ok.
Use an alternative instant messenger program: Trillian (http://www.trillian.cc/) and Miranda IM (http://www.miranda-im.com/). These are malware-free instant messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Please read Tony Klein's excellent article: How I got Infected in the First Place (http://forums.subratam.org/index.php?showtopic=5931)
Please read Understanding Spyware, Browser Hijackers, and Dialers (http://www.bleepingcomputer.com/forums/tutorial41.html)
Please read Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/tutorial82.html)
If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox (http://www.mozilla.org/products/firefox) or Opera (http://www.opera.com/download/).
If you decide to use either Firefox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back (http://spyware-free.us/2006/01/time-to-fight-back.html). Follow these steps and your potential for being infected again will reduce dramatically.
Here's a good website to read about Malware prevention:
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
If your computer is running slow, click here (http://www.malwareremoval.com/tutorials/runningslowly.php) for instructions on how to help speed up your computer.
Good luck!
Please reply one last time so that I know you have read my post and this thread can be closed.
jdwilson
2009-10-01, 04:19
I will perform all of the steps that you recommend. Thank you for your help!
You're welcome. I'm glad I was able to help you out. :)
Good luck and safe surfing!