Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Mutiple downloader/hijacker agents

Started by Chris H , Jan 17 2007 11:17 AM

  • This topic is locked This topic is locked

#1
Chris H
Posted 17 January 2007 - 11:17 AM

Chris H

    Member

  • Member
  • PipPip
  • 19 posts
Hi there,

My hard drive is infected with quite a few of (what appears) to be hijacker and downloader malware. System is running v. slowly and getting some suspect re-directions from Google.

Below are posted HJT log, AVG log and SAS log.
Tried to do a Panda Activescan but unfortunetly couldn't get it to run due to ActiveX problems.

Many thanks for any help given,

Chris x


Logfile of HijackThis v1.99.1
Scan saved at 17:01:30, on 17/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: {0A617409-584A-4630-AF8B-4E0DC61FD01C} (blueyonder Game Launcher Control) - http://gaming.blueyo...ex/launcher.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {1F996EAE-3D97-4862-AA0E-27F257C089DE} (blueyonder Game Launcher Control) - http://www.bygames.c...ex/launcher.ocx
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {E522120B-0CF2-4C26-A8EA-50A7591F10F1} (blueyonder Game Launcher Control) - http://gaming.blueyo...ex/launcher.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E86790F-605C-4C89-B193-557D2972F814}: NameServer = 85.255.115.42,85.255.112.114
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.114
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.114
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Uninstall log
Abandon Loader 0.8b
ABC (remove only)
Ad-Aware SE Personal
Adobe Acrobat 5.0
AVG Anti-Spyware 7.5
BitTorrent 3.4.2
Carmageddon
Carmageddon II Carpocalypse Now (Demo)
CC_ccProxyExt
ccCommon
CCleaner (remove only)
ccPxyCore
Cheating-Death 4.3.0
Commando
Coupons and Offers
Creative PCI Audio Drivers
Descent FreeSpace Demo
Deus Ex
Dev-Pascal 1.9
DirectVideo
DivX
DivX Player
dod_sulz
Download Accelerator Plus Beta
Driver Cleaner 1.3.1
Ease Audio Converter 2.30
Easy Internet Sign-up
eMule
EPSON Printer Software
FTP Explorer
GoldWave v5.06
Google Toolbar for Internet Explorer
Half-Life
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp center
HP Deskjet 5700
HP RecordNow
HP Software Update
HSP56 World MicroModem Drivers
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
KaZaA Lite 1.6.1
Kazaa Lite v2.1.0 [K++ Edition] [build 3]
KBD
LiveReg (Symantec Corporation)
LucasArts' Grim Fandango
LucasArts' Jedi Knight
LucasArts' X-Wing vs. TIE Fighter Demo
Macromedia Flash Player 8
Macromedia Shockwave Player
Max Payne
Messenger Plus!
Microsoft AutoRoute 2002
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard - WE 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Picture It! Photo 2002
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser and SDK
mIRC
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML4 Parser
Multiquence v2.53
Network54 EntryPass
nirvana_ss Screen Saver
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
NVIDIA Drivers
Panda ActiveScan
PaperPort 7.02
PC Healthcheck
PS2
Python 1.5 combined Win32 extensions
Python 1.5.2 (final)
QuickTime
RealPlayer
Realtek AC'97 Audio
Reason Demo
Red Alert Windows 95 Demo
Redemption - For Half-Life
Route Planner 1.2
S3 Gamma
S3 Savage4 Family Display Switch2 Utility
S3Display
S3Gamma2
S3Info2
ScummVM 0.7.1
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Shockwave
Sid Meier's Gettysburg! 2000/XP Compatibility Update
Sierra Utilities
SiS Audio Driver
SPBBC
Star Wars Jedi Knight Jedi Academy Demo
Star Wars JK II Jedi Outcast
Steam
SUPERAntiSpyware Free Edition
Tcl 8.0.5 for Windows
The Matrix Reloaded 3D Screensaver v1.51
Tony Hawk's Pro Skater 3® DEMO
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Valve Hammer Editor
VideoAccess
Visioneer 4800 USB
Visual Pinball
Winamp3 (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip




SUPERAntiSpyware Scan Log
Generated 01/17/2007 at 03:56 PM

Application Version : 3.5.1016

Core Rules Database Version : 3165
Trace Rules Database Version: 1176

Scan type : Quick Scan
Total Scan Time : 00:21:22

Memory items scanned : 447
Memory threats detected : 0
Registry items scanned : 811
Registry threats detected : 4
File items scanned : 15664
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\Mum and Dad\Cookies\[email protected][1].txt
C:\Documents and Settings\Mum and Dad\Cookies\[email protected][2].txt
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@serving-sys[1].txt
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@realmedia[1].txt
C:\Documents and Settings\Mum and Dad\Cookies\[email protected][1].txt
C:\Documents and Settings\Mum and Dad\Cookies\[email protected][1].txt
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@adrevolver[1].txt

Parasite.CoolWebSearch Variant
HKCR\CLSID\{50B9D537-5DB0-52B1-FF6F-ED6C70DA477E}
HKCR\CLSID\{50B9D537-5DB0-52B1-FF6F-ED6C70DA477E}\Data
HKCR\CLSID\{50B9D537-5DB0-52B1-FF6F-ED6C70DA477E}\LocalServer32

Trojan.Security Toolbar
C:\WINDOWS\Antivirus Test Online.url

Adware.IST/YourSiteBar
C:\WINDOWS\Downloaded Program Files\ysbactivex.inf

Trojan.Homepage/Puper
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#wininet.dll [ mscornet.exe ]

Malware.DriveCleaner
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UDC6_0001_D19M1908NETINSTALLER.EXE




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:36:13 15/01/2007

+ Scan result:



HKU\S-1-5-21-558522827-3168066103-3802400216-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-558522827-3168066103-3802400216-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Msnasoft\Cache\00000120_44234174_00066ff3 -> Downloader.Agent.ab : Cleaned with backup (quarantined).
C:\Program Files\Msnasoft\Cache\000048cc_44f98dd7_000b34a7 -> Downloader.Psyme.cd : Cleaned with backup (quarantined).
C:\Program Files\Msnasoft\Cache\00004db7_444cdf64_0002dc6c -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Program Files\Msnasoft\Cache\000056ae_446d03c4_000d59f8 -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Program Files\Msnasoft\Cache\00006bfc_43f5d42a_000cdfe6 -> Hijacker.Agent.a : Cleaned with backup (quarantined).
HKU\S-1-5-21-558522827-3168066103-3802400216-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{724510C3-F3C8-4FB7-879A-D99F29008A2F} -> Hijacker.SpyAxe : Cleaned with backup (quarantined).
C:\Program Files\Msnasoft\Cache\000012e1_4515ddf3_0002dc6c -> Not-A-Virus.Constructor.Perl.Msdds.b : Cleaned with backup (quarantined).
C:\Program Files\Msnasoft\Cache\000033ea_44f98dd3_000cdfe6 -> Not-A-Virus.Constructor.Perl.Msdds.b : Cleaned with backup (quarantined).
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.


::Report end
  • 0

Advertisements

#2
Noviciate
Posted 17 January 2007 - 03:00 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Download gmer.zip from here and save it to your Desktop.
You will need to unzip it before you run it.

To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish

Double click gmer.exe to begin:
  • Ensure that the Rootkit Tab at the top is selected.
  • Make sure all the boxes on the right of the screen are checked,
    EXCEPT for ‘Show All’.
  • Click the Scan button on the right.
  • When the scan has completed, (you'll have time for a snack and a cuppa!), click the Copy button underneath - this will save the report to your Clipboard.
  • Paste it into Notepad (Start > All Programs > Accessories > Notepad) and save it somewhere convenient.
  • Click the >>> Tab at the top and select the Autostart Tab.
  • Click the Scan button on the right - this one should only take seconds to complete.
  • Save the log as before.
Copy and paste both reports into your next reply - you may need to post them seperately. Please preview your posts to ensure that all of both logs get posted.
  • 0

#3
Chris H
Posted 18 January 2007 - 05:44 AM

Chris H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi Noviciate,

Run the scans but the report is quite long so will have to break it up and post it in about 4 separate parts; all appears to be there!

Thanks for the help


GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-18 13:29:16
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 831F55C0 ZwConnectPort
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

PAGE ntoskrnl.exe!ZwOpenKey + 5 80567B00 8 Bytes [ 53, 8B, DA, 2B, DA, 4B, 8B, ... ]
PAGE ntoskrnl.exe!ZwCreateKey + 5 8056E766 8 Bytes [ 50, 8B, C3, 2B, C3, 48, 8B, ... ]
PAGE ntoskrnl.exe!ZwEnumerateKey + 7 8056EE6F 8 Bytes [ 52, 8B, D6, 2B, D6, 4A, 8B, ... ]
PAGE ntoskrnl.exe!IoCreateFile + 3 80570BF6 8 Bytes [ 51, 8B, C8, 2B, C8, 49, 8B, ... ]
PAGE ntoskrnl.exe!NtQueryDirectoryFile + 3 805744A8 8 Bytes [ 51, 8B, CB, 2B, CB, 49, 8B, ... ]
PAGE ntoskrnl.exe!NtQuerySystemInformation + 5 8057C4AF 8 Bytes [ 53, 8B, DF, 2B, DF, 4B, 8B, ... ]
.text NDIS.sys!NdisAllocatePacket F855B72D 7 Bytes JMP 82BB94FF
PAGENDSP NDIS.sys!NdisMWanSendComplete F857226D 7 Bytes JMP 82BB94FF
PAGENDSM NDIS.sys!NdisMWanIndicateReceive F85788A1 7 Bytes JMP 82BB94FF
.text tcpip.sys!ARPRcvPacket F609A7FA 7 Bytes JMP 82BB94FF
.text tcpip.sys!IPTransmit + B6A F609D7A8 7 Bytes JMP 82BB94FF
.text tcpip.sys!ARPRcv F609F473 7 Bytes JMP 82BB94FF

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\SYSTEM32\winlogon.exe[544] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00C24831
.text C:\WINDOWS\SYSTEM32\winlogon.exe[544] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00C24A44
.text C:\WINDOWS\SYSTEM32\winlogon.exe[544] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00C24B61
.text C:\WINDOWS\SYSTEM32\winlogon.exe[544] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00C24946
.text C:\WINDOWS\explorer.exe[1636] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00B44831
.text C:\WINDOWS\explorer.exe[1636] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00B44A44
.text C:\WINDOWS\explorer.exe[1636] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00B44B61
.text C:\WINDOWS\explorer.exe[1636] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00B44946
.text C:\Program Files\Msnasoft\lmhcrdg.exe[2100] ntdll.dll!RtlConvertUlongToLargeInteger + 75 7C9037BA 5 Bytes CALL 00F001AA
.text C:\Program Files\Msnasoft\lmhcrdg.exe[2100] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00344831
.text C:\Program Files\Msnasoft\lmhcrdg.exe[2100] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00344A44
.text C:\Program Files\Msnasoft\lmhcrdg.exe[2100] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00344B61
.text C:\Program Files\Msnasoft\lmhcrdg.exe[2100] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00344946
.text C:\WINDOWS\SYSTEM32\rcbarp.exe[2200] ntdll.dll!RtlConvertUlongToLargeInteger + 75 7C9037BA 5 Bytes CALL 00CD01AA
.text C:\WINDOWS\SYSTEM32\rcbarp.exe[2200] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00344831
.text C:\WINDOWS\SYSTEM32\rcbarp.exe[2200] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00344A44
.text C:\WINDOWS\SYSTEM32\rcbarp.exe[2200] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00344B61
.text C:\WINDOWS\SYSTEM32\rcbarp.exe[2200] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00344946
.text C:\WINDOWS\SYSTEM32\ps2.EXE[2748] ntdll.dll!NtCreateThread 7C90D7D2 3 Bytes JMP 00914831
.text C:\WINDOWS\SYSTEM32\ps2.EXE[2748] ntdll.dll!NtCreateThread + 4 7C90D7D6 1 Byte [ 84 ]
.text C:\WINDOWS\SYSTEM32\ps2.EXE[2748] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes JMP 00914A44
.text C:\WINDOWS\SYSTEM32\ps2.EXE[2748] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 1 Byte [ 84 ]
.text C:\WINDOWS\SYSTEM32\ps2.EXE[2748] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 3 Bytes JMP 00914B61
.text C:\WINDOWS\SYSTEM32\ps2.EXE[2748] ntdll.dll!NtQueryDirectoryFile + 4 7C90DF62 1 Byte [ 84 ]
.text C:\WINDOWS\SYSTEM32\ps2.EXE[2748] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes JMP 00914946
.text C:\WINDOWS\SYSTEM32\ps2.EXE[2748] ntdll.dll!NtSetValueKey + 4 7C90E7C0 1 Byte [ 84 ]
.text C:\WINDOWS\SOUNDMAN.EXE[2768] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00894831
.text C:\WINDOWS\SOUNDMAN.EXE[2768] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00894A44
.text C:\WINDOWS\SOUNDMAN.EXE[2768] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00894B61
.text C:\WINDOWS\SOUNDMAN.EXE[2768] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00894946
.text C:\Program Files\Microsoft Hardware\Mouse\point32.exe[2776] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00B54831
.text C:\Program Files\Microsoft Hardware\Mouse\point32.exe[2776] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00B54A44
.text C:\Program Files\Microsoft Hardware\Mouse\point32.exe[2776] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00B54B61
.text C:\Program Files\Microsoft Hardware\Mouse\point32.exe[2776] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00B54946
.text C:\Program Files\QuickTime\qttask.exe[2784] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 008A4831
.text C:\Program Files\QuickTime\qttask.exe[2784] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 008A4A44
.text C:\Program Files\QuickTime\qttask.exe[2784] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008A4B61
.text C:\Program Files\QuickTime\qttask.exe[2784] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 008A4946
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2792] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 008D4831
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2792] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 008D4A44
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2792] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008D4B61
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2792] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 008D4946
.text C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb10.exe[2800] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 008C4831
.text C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb10.exe[2800] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 008C4A44
.text C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb10.exe[2800] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008C4B61
.text C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb10.exe[2800] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 008C4946
.text C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe[2808] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00894831
.text C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe[2808] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00894A44
.text C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe[2808] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00894B61
.text C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe[2808] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00894946
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[2816] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 003C4831
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[2816] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 003C4A44
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[2816] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 003C4B61
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[2816] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 003C4946
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2824] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 003C4831
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2824] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 003C4A44
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2824] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 003C4B61
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2824] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 003C4946
.text C:\WINDOWS\SYSTEM32\rundll32.exe[2844] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 009C4831
.text C:\WINDOWS\SYSTEM32\rundll32.exe[2844] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 009C4A44
.text C:\WINDOWS\SYSTEM32\rundll32.exe[2844] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009C4B61
.text C:\WINDOWS\SYSTEM32\rundll32.exe[2844] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 009C4946
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2868] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00F44831
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2868] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00F44A44
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2868] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00F44B61
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2868] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00F44946
.text C:\Program Files\Messenger\msmsgs.exe[2876] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 009D4831
.text C:\Program Files\Messenger\msmsgs.exe[2876] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 009D4A44
.text C:\Program Files\Messenger\msmsgs.exe[2876] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009D4B61
.text C:\Program Files\Messenger\msmsgs.exe[2876] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 009D4946
.text C:\WINDOWS\SYSTEM32\ctfmon.exe[2912] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 008E4831
.text C:\WINDOWS\SYSTEM32\ctfmon.exe[2912] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 008E4A44
.text C:\WINDOWS\SYSTEM32\ctfmon.exe[2912] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008E4B61
.text C:\WINDOWS\SYSTEM32\ctfmon.exe[2912] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 008E4946
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 003E4831
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 003E4A44
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 003E4B61
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 003E4946
.text C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE[2972] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00384831
.text C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE[2972] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00384A44
.text C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE[2972] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00384B61
.text C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE[2972] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00384946
.text C:\Documents and Settings\Mum and Dad\Desktop\gmer\gmer.exe[3660] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00904831
.text C:\Documents and Settings\Mum and Dad\Desktop\gmer\gmer.exe[3660] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00904A44
.text C:\Documents and Settings\Mum and Dad\Desktop\gmer\gmer.exe[3660] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00904B61
.text C:\Documents and Settings\Mum and Dad\Desktop\gmer\gmer.exe[3660] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00904946
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NlsMbOemCodePageTag + FFF84FEA 7C901002 14 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlEnterCriticalSection + C 7C901011 2 Bytes [ 65, F8 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlEnterCriticalSection + F 7C901014 25 Bytes [ FF, 70, 18, 83, 65, FC, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlEnterCriticalSection + 29 7C90102E 97 Bytes [ 6A, 0C, 5A, 8D, 4D, F4, 89, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlEnterCriticalSection + 8B 7C901090 47 Bytes [ 70, 40, 8D, 48, 0C, 51, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlEnterCriticalSection + BB 7C9010C0 29 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlLeaveCriticalSection + 24 7C901111 11 Bytes [ 45, D8, 50, 6A, 17, 6A, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlLeaveCriticalSection + 31 7C90111E 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlLeaveCriticalSection + 33 7C901120 75 Bytes [ 15, A4, 14, D4, 77, 85, C0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlTryEnterCriticalSection + 41 7C90116C 56 Bytes [ 5D, C2, 0C, 00, 90, 90, 90, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!LdrInitializeThunk + 27 7C9011A5 16 Bytes [ C9, C2, 14, 00, 90, 90, 90, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlActivateActivationContextUnsafeFast + 1 7C9011B6 185 Bytes [ 45, 10, 03, C0, 66, 89, 45, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlInitString + 14 7C901270 29 Bytes [ 75, 0C, FF, 75, 08, 74, 07, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlInitString + 32 7C90128E 4 Bytes [ F7, 45, 10, 01 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlInitString + 37 7C901293 81 Bytes [ 74, 07, 68, C2, 02, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlInitUnicodeString + F 7C9012E5 44 Bytes [ 00, 00, 89, BD, 0C, FC, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlInitUnicodeString + 3C 7C901312 146 Bytes [ 68, 38, 32, D4, 77, 57, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!cos + 7B 7C9013A6 12 Bytes [ 00, 8D, 85, 44, FE, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!cos + 88 7C9013B3 60 Bytes [ 00, 85, C0, 0F, 84, 45, 04, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_CIlog + 1D 7C9013F0 33 Bytes [ 8D, 85, 44, FE, FF, FF, 89, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_CIlog + 40 7C901413 22 Bytes [ 39, 7E, 10, 74, 33, 6A, 02, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_CIlog + 57 7C90142A 13 Bytes [ 80, 89, 85, 24, FC, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_CIlog + 65 7C901438 12 Bytes [ 85, F0, FB, FF, FF, 8D, 45, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_CIlog + 73 7C901446 8 Bytes JMP 7C9017C6 C:\WINDOWS\system32\ntdll.dll
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_CIpow + 36 7C9014ED 19 Bytes [ 00, C7, 85, 20, FC, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_CIpow + 4A 7C901501 10 Bytes [ 80, C7, 85, 24, FC, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_CIpow + 55 7C90150C 5 Bytes [ 8D, 45, C4, 89, 85 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_CIpow + 5B 7C901512 6 Bytes [ FB, FF, FF, E9, AC, 02 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_CIpow + 62 7C901519 24 Bytes [ 00, 68, 80, 00, 00, 00, 8D, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!sin + 68 7C901747 154 Bytes [ 4D, FC, FF, 33, FF, FF, B5, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!sqrt + 51 7C9017E3 114 Bytes [ B5, 1C, FC, FF, FF, 57, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_alldiv + 19 7C901856 27 Bytes [ 90, 90, 53, 00, 68, 00, 75, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_alldiv + 35 7C901872 149 Bytes [ 53, 00, 6E, 00, 61, 00, 70, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_alldvrm + 1C 7C901908 27 Bytes [ 77, 00, 6E, 00, 44, 00, 6F, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_alldvrm + 38 7C901924 32 Bytes [ 68, 00, 6F, 00, 74, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_alldvrm + 59 7C901945 73 Bytes [ EC, 83, EC, 40, 56, 8B, 35, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_alldvrm + A3 7C90198F 56 Bytes [ C7, 89, 7D, E4, 7C, 2D, 68, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_alldvrm + DC 7C9019C8 6 Bytes [ 0F, 95, C0, 5E, C9, C3 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_allmul 7C9019D0 60 Bytes [ 53, 00, 68, 00, 75, 00, 74, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_alloca_probe + 4 7C901A0D 14 Bytes [ 74, 10, C7, 45, D0, 07, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_alloca_probe + 13 7C901A1C 9 Bytes [ 00, EB, 0E, C7, 45, D0, 05, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_alloca_probe + 1D 7C901A26 4 Bytes [ C7, 45, E8, 04 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_alloca_probe + 22 7C901A2B 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_alloca_probe + 24 7C901A2D 7 Bytes [ 8D, 45, D0, 50, 6A, 02, 6A ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_allshl + 11 7C901B13 52 Bytes [ C3, 5B, C9, C3, 90, 90, 90, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_allshr + 23 7C901B49 33 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_aulldiv + 1F 7C901B6B 245 Bytes [ 0D, D8, 02, FE, 7F, 33, D2, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_aullrem + E 7C901C61 212 Bytes [ EC, 83, EC, 40, 8B, 45, 08, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_memccpy + 19 7C901D36 31 Bytes [ 4D, 18, 8B, 55, F8, 89, 11, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!_memccpy + 39 7C901D56 50 Bytes [ 85, C0, 0F, 84, C6, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!atan + 15 7C901D8A 53 Bytes [ 00, 3D, D8, 00, 00, C0, 0F, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!atan + 4B 7C901DC0 2 Bytes [ EB, 1B ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!atan + 4E 7C901DC3 100 Bytes CALL 7C8C09FE C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!ceil + A 7C901E28 63 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!ceil + 4A 7C901E68 35 Bytes CALL 7C901A58 C:\WINDOWS\system32\ntdll.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!ceil + 6E 7C901E8C 134 Bytes [ 00, FF, 15, 24, 13, D4, 77, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!ceil + F5 7C901F13 53 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!ceil + 12B 7C901F49 24 Bytes [ 7C, 5B, FF, 75, 08, E8, 1F, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!floor + 5 7C901F62 5 Bytes [ 00, 8B, 89, CC, 08 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!floor + C 7C901F69 240 Bytes [ 89, 4D, FC, EB, 12, 8D, 45, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!floor + FD 7C90205A 35 Bytes [ FF, 35, 24, 02, DA, 77, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!floor + 121 7C90207E 47 Bytes [ DA, 77, 75, 16, 8B, 76, 24, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memchr + 9 7C9020AE 135 Bytes [ FF, FF, 8B, 76, 24, 3B, F3, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memchr + 91 7C902136 45 Bytes [ 39, 51, 08, 0F, 84, F4, 1F, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memcmp + 15 7C902164 89 Bytes JMP 7C8E2C38 C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memcmp + 6F 7C9021BE 130 Bytes [ 03, C6, 50, FF, D3, 83, C4, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memcpy + 41 7C902241 90 Bytes [ 33, C3, 57, 89, 46, 1C, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memcpy + 9C 7C90229C 104 Bytes CALL 7C8D6AE6 C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memcpy + 105 7C902305 3 Bytes [ 5A, 08, 66 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memcpy + 109 7C902309 59 Bytes [ 9D, B0, FB, FF, FF, E9, 8F, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memcpy + 145 7C902345 134 Bytes [ 90, 90, 90, 90, 8B, 65, E8, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memmove + 5D 7C902597 55 Bytes JMP 7C8DF205 C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memmove + 95 7C9025CF 165 Bytes [ 85, C0, 74, 31, 8D, 45, F4, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memmove + 13B 7C902675 48 Bytes [ 66, 89, 43, 06, 89, 43, 08, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memmove + 16C 7C9026A6 89 Bytes [ 10, 89, 43, 1C, 8B, 45, 14, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!memmove + 1C6 7C902700 120 Bytes [ 15, BC, 14, D4, 77, F6, 45, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strcat + D4 7C9029C0 23 Bytes [ 15, FE, FF, 50, 8D, 45, E8, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strcmp + 7 7C9029D8 69 Bytes [ FD, FF, FF, 50, 8D, 85, 14, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strcmp + 4D 7C902A1E 173 Bytes [ 15, 70, 14, D4, 77, 85, C0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strlen + 2F 7C902ACC 132 Bytes [ 66, 89, 45, AC, 66, 8B, 43, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strncat + 36 7C902B51 99 Bytes [ FF, 66, 89, BD, EC, FD, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strncat + 9A 7C902BB5 51 Bytes [ 68, B8, 2F, D4, 77, E8, 22, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strncat + CE 7C902BE9 9 Bytes [ 15, B8, 14, D4, 77, E9, B2, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strncat + D8 7C902BF3 26 Bytes [ 56, 6A, 00, FF, 35, 24, 02, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strncat + F3 7C902C0E 15 Bytes [ 83, F8, 0A, 74, 33, FF, B5, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strncpy + 6B 7C902CEB 39 Bytes [ 85, F6, 0F, 84, CC, 1D, FE, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strncpy + 93 7C902D13 45 Bytes [ 70, 0C, FF, 15, 94, 11, D4, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strncpy + C1 7C902D41 9 Bytes CALL 7C8D14B8 C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strncpy + CB 7C902D4B 36 Bytes JMP 7C8D2618 C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strncpy + F0 7C902D70 40 Bytes [ 14, FF, B0, 08, 07, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strpbrk + 16 7C902D99 98 Bytes JMP 7C8D2607 C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strspn + F 7C902DFC 22 Bytes [ 85, 04, FB, FF, FF, C1, E8, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!strspn + 26 7C902E13 98 Bytes CALL 7C90E849 C:\WINDOWS\system32\ntdll.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!tan + 39 7C902E77 7 Bytes JMP 7C8EB271 C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!tan + 41 7C902E7F 151 Bytes [ 69, 83, FE, FF, C7, 45, F4, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!tan + D9 7C902F17 101 Bytes [ 53, 50, FF, 15, 40, 11, D4, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlInterlockedPushListSList + 28 7C902F7D 174 Bytes JMP 7C8E3639 C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlCompareMemory + 36 7C90302C 7 Bytes [ 2B, 46, 10, 03, C6, 85, C0 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlCompareMemory + 3E 7C903034 46 Bytes [ 02, 8B, 00, FF, 75, 08, 50, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlCompareMemoryUlong + 18 7C903063 34 Bytes [ 48, 10, 6A, 00, 03, C8, 51, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlFillMemory + 6 7C903086 42 Bytes [ 00, 89, 45, E4, 8D, 45, D0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlFillMemory + 31 7C9030B1 3 Bytes [ C7, 45, D8 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlFillMemory + 35 7C9030B5 1 Byte [ 40 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlFillMemory + 38 7C9030B8 50 Bytes CALL 7C8D38F0 C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlFillMemory + 6B 7C9030EB 38 Bytes CALL 7C91175D C:\WINDOWS\system32\ntdll.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlFillMemoryUlong + 1E 7C903113 27 Bytes [ 85, C0, 74, 3B, 8B, CF, E8, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlZeroMemory + 14 7C90312F 25 Bytes [ 00, F7, D8, 1B, C0, 83, C0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlZeroMemory + 2E 7C903149 51 Bytes CALL 7C91175D C:\WINDOWS\system32\ntdll.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlMoveMemory + 2C 7C90317D 6 Bytes CALL 7C911CC3 C:\WINDOWS\system32\ntdll.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlMoveMemory + 33 7C903184 30 Bytes JMP 7C8FAD15
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlMoveMemory + 52 7C9031A3 23 Bytes JMP 7C8F78E3
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlMoveMemory + 6B 7C9031BC 34 Bytes [ 01, 0F, 84, B7, 47, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlMoveMemory + 8E 7C9031DF 18 Bytes JMP 7C8F79A7
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlExtendedMagicDivide + 74 7C9035FB 28 Bytes [ 85, DA, 35, FF, FF, 8B, 46, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlExtendedMagicDivide + 91 7C903618 93 Bytes [ EB, 0C, 6A, 02, EB, 39, 25, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlExtendedIntegerMultiply + 59 7C903676 43 Bytes [ FF, 57, 6A, 01, 56, E8, B7, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlLargeIntegerShiftLeft + 27 7C9036A2 22 Bytes JMP 7C8F6E74
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlLargeIntegerShiftRight + 11 7C9036B9 185 Bytes JMP 7C8F6A9C
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlConvertUlongToLargeInteger + 2E 7C903773 22 Bytes CALL 7C8D6A14 C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlConvertUlongToLargeInteger + 46 7C90378B 8 Bytes CALL 7C8D971A C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlConvertUlongToLargeInteger + 4F 7C903794 57 Bytes JMP 7C8F2557 C:\WINDOWS\system32\kernel32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlConvertUlongToLargeInteger + 89 7C9037CE 86 Bytes [ 46, 08, 2B, 47, 38, 89, 06, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlConvertUlongToLargeInteger + E0 7C903825 11 Bytes [ 8B, 47, 34, 8B, 4E, 04, 03, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlCaptureContext + 87 7C9038CC 6 Bytes [ 85, DB, 76, 55, A1, 80 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlCaptureContext + 8E 7C9038D3 146 Bytes [ DA, 77, F6, 40, 02, 04, 74, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlCaptureContext + 15AF 7C904DF4 11 Bytes [ 00, FF, B5, F0, FD, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlCaptureContext + 15BB 7C904E00 48 Bytes [ FF, 70, 18, FF, 15, 10, 10, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!RtlCaptureContext + 15EC 7C904E31 3 Bytes [ 88, 7C, 8B ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtAcceptConnectPort + 2 7C90D37B 22 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtAccessCheck + 4 7C90D392 10 Bytes [ 8B, 5D, 0C, 33, C9, 85, DB, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtAccessCheck + F 7C90D39D 54 Bytes [ 00, 00, 55, 8B, 45, 14, 8B, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 7 7C90D3D4 63 Bytes [ 89, 04, AF, 8B, CA, 8B, 44, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 8 7C90D414 44 Bytes [ C8, 8B, 44, AF, 0C, 83, D2, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtAddBootEntry + B 7C90D441 37 Bytes [ 25, AC, 11, DD, 77, 46, E9, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtAdjustPrivilegesToken + 7 7C90D467 39 Bytes [ 00, 8B, F0, 85, F6, 89, 75, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtAlertThread + 5 7C90D48F 22 Bytes [ 00, 85, C0, 0F, 84, 15, ED, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtAllocateLocallyUniqueId + 7 7C90D4A6 37 Bytes [ 00, 00, 8B, 4D, FC, 41, 0F, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtAllocateUuids + 5 7C90D4CE 72 Bytes [ 00, 89, 4D, F8, 8D, 3C, 19, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtAssignProcessToJobObject + F 7C90D517 115 Bytes [ 89, 45, EC, 89, 4D, F4, 0F, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtClose + 5 7C90D58B 32 Bytes [ 89, 7D, 0C, 8B, 45, E8, 85, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCloseObjectAuditAlarm + 11 7C90D5AC 50 Bytes JMP 708C60B3
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCompleteConnectPort + 5 7C90D5DF 60 Bytes [ 00, 53, 57, 8D, 55, CC, 52, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtContinue + 4 7C90D61D 10 Bytes [ 53, 56, 8D, 4D, CC, 51, E8, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtContinue + F 7C90D628 16 Bytes [ 85, FF, 0F, 85, 13, EC, 01, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreateDebugObject + B 7C90D639 4 Bytes [ FF, 90, 90, 90 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreateDebugObject + 11 7C90D63F 115 Bytes [ 8B, FF, 55, 8B, EC, 8B, 55, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreateJobObject + 7 7C90D6B3 37 Bytes [ 00, EB, B8, 90, 90, 90, 90, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreateKey + 4 7C90D6DA 82 Bytes [ 55, 8B, 45, 14, 8B, 75, 10, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreatePagingFile + 3 7C90D72D 20 Bytes [ 89, 44, AF, 08, 8B, CA, 8B, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreatePort + 3 7C90D742 94 Bytes [ 03, C1, 83, D2, 00, 89, 44, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreateSection + E 7C90D7A1 2 Bytes [ EB, EA ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreateSection + 11 7C90D7A4 10 Bytes [ 8B, 45, 08, 57, 50, 56, 56, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreateSemaphore + 7 7C90D7AF 17 Bytes [ 00, 8B, 0C, 33, 03, C8, 8B, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreateSymbolicLinkObject + 5 7C90D7C2 53 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreateTimer + 11 7C90D7F8 10 Bytes [ 8B, 4C, BB, 04, 3B, C8, 57, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreateToken + 7 7C90D803 28 Bytes [ 00, 00, 8B, 55, F8, 52, 2B, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtCreateWaitablePort + F 7C90D820 9 Bytes [ 8B, 0C, 33, 3B, C8, 0F, 82, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtDebugActiveProcess + 5 7C90D82B 18 Bytes [ 2B, C8, 89, 0C, 33, 8B, 4D, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtDebugContinue + 3 7C90D83E 7 Bytes [ 85, C0, 0F, 8D, A2, FA, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtDebugContinue + B 7C90D846 171 Bytes [ 8B, 45, 08, 8B, 4C, 33, FC, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtDeviceIoControlFile + F 7C90D8F2 14 Bytes [ 00, 8B, 4A, 04, 8B, C1, C1, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtDisplayString + 9 7C90D901 1 Byte [ FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtDisplayString + B 7C90D903 75 Bytes [ F3, A5, 8B, C8, 8D, 85, 64, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtEnumerateKey + 3 7C90D94F 7 Bytes [ 75, 28, 80, BD, 75, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtEnumerateKey + B 7C90D957 12 Bytes [ FF, 75, 1F, C7, 85, 3C, FE, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 3 7C90D964 7 Bytes [ 8B, 4D, FC, 8B, 85, 3C, FE ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + B 7C90D96C 12 Bytes CALL 7C8FAD0C
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtEnumerateValueKey + 3 7C90D979 33 Bytes [ 83, 3B, 02, 75, E6, E9, F8, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtExtendSection + 10 7C90D99B 51 Bytes [ 00, 00, 00, 53, 8B, 5D, 08, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtFlushBuffersFile + 5 7C90D9CF 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtFlushBuffersFile + 7 7C90D9D1 28 Bytes [ 3B, C8, 8D, 0C, 36, 0F, 84, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtFlushInstructionCache + F 7C90D9EE 12 Bytes [ 00, 00, 85, C0, 7D, 4F, C1, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtFlushKey + 7 7C90D9FB 7 Bytes [ 00, 00, 0F, 87, AA, E6, 01 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtFlushKey + F 7C90DA03 96 Bytes [ 8D, 95, 70, FF, FF, FF, 33, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtFsControlFile + 7 7C90DA64 50 Bytes [ 8B, 4D, 0C, 8B, 7D, 08, 8D, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtGetDevicePowerState + 12 7C90DA99 9 Bytes [ 8B, FF, 55, 8B, EC, B8, 10, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtGetPlugPlayEvent + 7 7C90DAA3 3 Bytes CALL 7C90D440 C:\WINDOWS\system32\ntdll.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtGetPlugPlayEvent + B 7C90DAA7 12 Bytes [ FF, A1, 68, 61, E4, 77, 83, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtGetWriteWatch + 3 7C90DAB4 70 Bytes [ 53, 8B, 5D, 10, 89, 45, FC, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtImpersonateThread + B 7C90DAFB 20 Bytes [ FF, 75, 25, FF, B5, F4, EF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtInitializeRegistry + B 7C90DB10 16 Bytes [ FF, 29, B5, F8, EF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtInitiatePowerAction + 7 7C90DB21 37 Bytes [ 00, 00, 8B, 4D, FC, 8B, 85, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtIsSystemResumeAutomatic + 4 7C90DB48 2 Bytes [ BB, 01 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtIsSystemResumeAutomatic + 7 7C90DB4B 11 Bytes [ 00, 00, EB, 38, 33, C9, E9, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtListenPort 7C90DB59 24 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtLoadDriver + 5 7C90DB73 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtLoadDriver + 7 7C90DB75 17 Bytes [ 76, D1, 8B, 45, 08, 8D, 44, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtLoadKey + 4 7C90DB87 42 Bytes [ 8B, 4D, 18, 85, C9, 8B, 75, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtLockFile + 5 7C90DBB2 19 Bytes [ 3B, DF, 0F, 82, 6F, E7, 01, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtLockProductActivationKeys + 4 7C90DBC6 2 Bytes [ 02, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtLockProductActivationKeys + 7 7C90DBC9 79 Bytes [ 0F, 87, 70, E7, 01, 00, 8D, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtMakeTemporaryObject + 5 7C90DC1B 68 Bytes JMP 708B6722
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtMapViewOfSection + B 7C90DC60 24 Bytes [ FF, 8B, 4C, 86, F8, 51, 8B, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtModifyBootEntry + F 7C90DC79 8 Bytes [ 00, 85, C0, 75, 05, B8, 01, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtNotifyChangeDirectoryFile + 4 7C90DC83 73 Bytes [ 8B, 4D, 14, 8B, 5D, EC, 51, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtOpenDirectoryObject + F 7C90DCCD 134 Bytes [ 00, 8B, 45, F4, 57, 83, C0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtOpenMutant + 3 7C90DD54 24 Bytes [ 5B, 8B, E5, 5D, C2, 14, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtOpenObjectAuditAlarm + 7 7C90DD6D 3 Bytes JMP 7C90DC97 C:\WINDOWS\system32\ntdll.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtOpenObjectAuditAlarm + B 7C90DD71 4 Bytes [ FF, 90, 90, 90 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtOpenObjectAuditAlarm + 11 7C90DD77 45 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtOpenProcessTokenEx 7C90DDA5 19 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtOpenProcessTokenEx + 14 7C90DDB9 45 Bytes [ 8B, 54, 81, FC, 48, 85, D2, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtOpenSymbolicLinkObject + 3 7C90DDE7 104 Bytes [ 48, EB, DE, 90, 90, 90, 90, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtPlugPlayControl + 3 7C90DE50 43 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtPrivilegeCheck + 5 7C90DE7C 3 Bytes [ 89, 85, BC ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtPrivilegeCheck + 9 7C90DE80 1 Byte [ FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] ntdll.dll!NtPrivilegeCheck + B 7C90DE82 3 Bytes [ BB, 9C, 00 ]<

Edited by Chris H, 18 January 2007 - 07:39 AM.

  • 0

#4
Chris H
Posted 18 January 2007 - 07:50 AM

Chris H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!PeekConsoleInputA + 7 7C873494 12 Bytes [ 73, 00, 65, 00, 20, 00, 73, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!PeekConsoleInputA + 14 7C8734A1 44 Bytes [ 00, 72, 00, 69, 00, 74, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!PeekConsoleInputW + 1E 7C8734CE 11 Bytes [ 61, 00, 74, 00, 20, 00, 79, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!ReadConsoleInputA + 7 7C8734DA 1 Byte [ 20 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!ReadConsoleInputA + 9 7C8734DC 55 Bytes [ 63, 00, 61, 00, 6E, 00, 20, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!ReadConsoleInputW + 1E 7C873514 11 Bytes [ 61, 00, 75, 00, 74, 00, 68, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!ReadConsoleInputExA + 7 7C873520 23 Bytes [ 74, 00, 69, 00, 63, 00, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!ReadConsoleInputExA + 1F 7C873538 35 Bytes [ 0D, 00, 0A, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!ReadConsoleInputExW + 1F 7C87355C 7 Bytes [ 64, 00, 20, 00, 63, 00, 65 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCursorInfo + 3 7C873564 1 Byte [ 72 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCursorInfo + 5 7C873566 25 Bytes [ 74, 00, 69, 00, 66, 00, 69, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCursorInfo + 1F 7C873580 31 Bytes [ 20, 00, 66, 00, 6F, 00, 72, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCursorInfo + 3F 7C8735A0 119 Bytes [ 69, 00, 6F, 00, 6E, 00, 20, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCursorInfo + B7 7C873618 19 Bytes [ 74, 00, 6F, 00, 72, 00, 2E, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleSelectionInfo + 3 7C87362C 1 Byte [ 65 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleSelectionInfo + 5 7C87362E 25 Bytes [ 20, 00, 6D, 00, 61, 00, 79, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleSelectionInfo + 1F 7C873648 155 Bytes [ 69, 00, 6F, 00, 6E, 00, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetNumberOfConsoleMouseButtons + 3 7C8736E4 1 Byte [ 61 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetNumberOfConsoleMouseButtons + 5 7C8736E6 25 Bytes [ 73, 00, 20, 00, 64, 00, 65, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetNumberOfConsoleMouseButtons + 1F 7C873700 155 Bytes [ 69, 00, 6C, 00, 65, 00, 20, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleFontInfo + 3 7C87379C 1 Byte [ 74 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleFontInfo + 5 7C87379E 25 Bytes [ 61, 00, 63, 00, 74, 00, 20, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleFontInfo + 1F 7C8737B8 87 Bytes [ 65, 00, 6D, 00, 0D, 00, 0A, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleFontInfo + 77 7C873810 13 Bytes [ 73, 00, 20, 00, 6F, 00, 66, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleFontInfo + 85 7C87381E 139 Bytes [ 65, 00, 20, 00, 73, 00, 6D, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleFontSize + 9 7C8738CA 1 Byte [ 63 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleFontSize + B 7C8738CC 11 Bytes [ 74, 00, 20, 00, 79, 00, 6F, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleFontSize + 17 7C8738D8 1 Byte [ 20 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleFontSize + 19 7C8738DA 27 Bytes [ 73, 00, 79, 00, 73, 00, 74, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleFontSize + 35 7C8738F6 57 Bytes [ 74, 00, 72, 00, 61, 00, 74, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCurrentConsoleFont + 3 7C873952 1 Byte [ 72 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCurrentConsoleFont + 5 7C873954 25 Bytes [ 20, 00, 61, 00, 75, 00, 74, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCurrentConsoleFont + 1F 7C87396E 159 Bytes [ 6F, 00, 6E, 00, 20, 00, 77, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCurrentConsoleFont + BF 7C873A0E 27 Bytes [ 72, 00, 64, 00, 20, 00, 63, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GenerateConsoleCtrlEvent + 9 7C873A2A 1 Byte [ 20 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GenerateConsoleCtrlEvent + B 7C873A2C 27 Bytes [ 75, 00, 73, 00, 65, 00, 64, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GenerateConsoleCtrlEvent + 27 7C873A48 1 Byte [ 6E ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GenerateConsoleCtrlEvent + 29 7C873A4A 21 Bytes [ 74, 00, 69, 00, 63, 00, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GenerateConsoleCtrlEvent + 3F 7C873A60 27 Bytes [ 73, 00, 20, 00, 65, 00, 78, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleActiveScreenBuffer + A 7C873AB2 13 Bytes [ 64, 00, 6D, 00, 69, 00, 6E, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleActiveScreenBuffer + 18 7C873AC0 27 Bytes [ 72, 00, 61, 00, 74, 00, 6F, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleActiveScreenBuffer + 34 7C873ADC 19 Bytes [ 65, 00, 20, 00, 64, 00, 72, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleActiveScreenBuffer + 48 7C873AF0 53 Bytes [ 6F, 00, 75, 00, 6C, 00, 64, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!FlushConsoleInputBuffer + A 7C873B26 13 Bytes [ 61, 00, 20, 00, 70, 00, 72, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!FlushConsoleInputBuffer + 18 7C873B34 27 Bytes [ 6F, 00, 75, 00, 73, 00, 20, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!FlushConsoleInputBuffer + 34 7C873B50 19 Bytes [ 20, 00, 74, 00, 68, 00, 65, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!FlushConsoleInputBuffer + 48 7C873B64 53 Bytes [ 72, 00, 20, 00, 69, 00, 73, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleScreenBufferSize + A 7C873B9A 13 Bytes [ 4F, 00, 57, 00, 20, 00, 41, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleScreenBufferSize + 18 7C873BA8 28 Bytes [ 72, 00, 74, 00, 69, 00, 6F, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleScreenBufferSize + 35 7C873BC5 4 Bytes [ 00, 00, 00, 5C ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleScreenBufferSize + 3A 7C873BCA 19 Bytes [ 01, 00, 44, 00, 65, 00, 62, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleScreenBufferSize + 4E 7C873BDE 53 Bytes [ 64, 00, 69, 00, 64, 00, 20, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorPosition + A 7C873C14 12 Bytes [ 6E, 00, 67, 00, 65, 00, 2E, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorPosition + 19 7C873C23 23 Bytes [ 00, 68, 00, 01, 00, 44, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorPosition + 31 7C873C3B 8 Bytes [ 00, 61, 00, 73, 00, 20, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorPosition + 3A 7C873C44 19 Bytes [ 6F, 00, 75, 00, 6E, 00, 64, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorPosition + 4E 7C873C58 47 Bytes [ 70, 00, 70, 00, 6C, 00, 69, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorInfo + 4 7C873C88 23 Bytes [ 0A, 00, 00, 00, 48, 00, 01, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorInfo + 1C 7C873CA0 153 Bytes [ 6E, 00, 67, 00, 20, 00, 62, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorInfo + B6 7C873D3A 25 Bytes [ 68, 00, 65, 00, 20, 00, 62, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleWindowInfo + 3 7C873D54 1 Byte [ 6E ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleWindowInfo + 5 7C873D56 21 Bytes [ 64, 00, 6C, 00, 65, 00, 20, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleWindowInfo + 1B 7C873D6C 1 Byte [ 6C ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleWindowInfo + 1D 7C873D6E 161 Bytes [ 69, 00, 64, 00, 2E, 00, 0D, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleWindowInfo + BF 7C873E10 19 Bytes [ 65, 00, 20, 00, 69, 00, 73, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!ScrollConsoleScreenBufferA + 7 7C873F28 23 Bytes [ 75, 00, 6E, 00, 64, 00, 2E, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!ScrollConsoleScreenBufferA + 1F 7C873F40 35 Bytes [ 65, 00, 20, 00, 74, 00, 69, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!ScrollConsoleScreenBufferW + 1F 7C873F64 13 Bytes [ 20, 00, 69, 00, 6E, 00, 76, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleTextAttribute + 9 7C873F72 1 Byte [ 64 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleTextAttribute + B 7C873F74 11 Bytes [ 2E, 00, 0D, 00, 0A, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleTextAttribute + 17 7C873F80 1 Byte [ 54 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleTextAttribute + 19 7C873F82 93 Bytes [ 68, 00, 65, 00, 20, 00, 6F, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleTextAttribute + 77 7C873FE0 13 Bytes [ 55, 00, 49, 00, 44, 00, 20, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleFont + 9 7C873FEE 1 Byte [ 20 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleFont + B 7C873FF0 11 Bytes [ 61, 00, 6C, 00, 72, 00, 65, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleFont + 17 7C873FFC 1 Byte [ 79 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleFont + 19 7C873FFE 32 Bytes [ 20, 00, 00, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleFont + 3A 7C87401F 3 Bytes [ 00, 00, FF ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleIcon + A 7C874069 12 Bytes [ FF, FF, FF, FF, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleIcon + 19 7C874078 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleIcon + 2F 7C87408E 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleIcon + 34 7C874093 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleIcon + 48 7C8740A7 38 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCP + B 7C8740DE 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCP + 19 7C8740EC 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCP + 26 7C8740F9 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCP + 2D 7C874100 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCP + 32 7C874105 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCP + B 7C87414E 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCP + 1B 7C87415E 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCP + 36 7C874179 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCP + 38 7C87417B 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCP + 53 7C874196 98 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleOutputCP + 2E 7C87428F 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleOutputCP + 3E 7C87429F 16 Bytes [ 00, 00, 00, 00, 00, 00, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleOutputCP + 51 7C8742B2 46 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleOutputCP + 80 7C8742E1 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleOutputCP + 92 7C8742F3 48 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleKeyboardLayoutNameA + 13 7C87433C 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleKeyboardLayoutNameW + 7 7C874348 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleKeyboardLayoutNameW + 13 7C874354 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleWindow + B 7C874364 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleWindow + 19 7C874372 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleWindow + 29 7C874382 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleWindow + 2E 7C874387 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleWindow + 42 7C87439B 44 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleProcessList + 5 7C8743CA 35 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleProcessList + 2B 7C8743F0 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleProcessList + 33 7C8743F8 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleProcessList + 39 7C8743FE 51 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleProcessList + 6F 7C874434 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetNumberOfConsoleFonts + B 7C87450C 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetNumberOfConsoleFonts + 19 7C87451A 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetNumberOfConsoleFonts + 29 7C87452A 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetNumberOfConsoleFonts + 2E 7C87452F 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetNumberOfConsoleFonts + 42 7C874543 44 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetNumberOfConsoleInputEvents + 5 7C874572 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetNumberOfConsoleInputEvents + 20 7C87458D 30 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetNumberOfConsoleInputEvents + 3F 7C8745AC 109 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetNumberOfConsoleInputEvents + AD 7C87461A 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetLargestConsoleWindowSize + B 7C87463C 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetLargestConsoleWindowSize + 19 7C87464A 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetLargestConsoleWindowSize + 2F 7C874660 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetLargestConsoleWindowSize + 34 7C874665 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetLargestConsoleWindowSize + 48 7C874679 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleLocalEUDC + B 7C8746C4 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleLocalEUDC + 1F 7C8746D8 91 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleLocalEUDC + 7B 7C874734 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleLocalEUDC + 97 7C874750 41 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleLocalEUDC + C1 7C87477A 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorMode + B 7C87478A 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorMode + 19 7C874798 33 Bytes [ 00, 0A, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorMode + 3B 7C8747BA 8 Bytes [ 00, 00, 00, FF, 5C, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorMode + 46 7C8747C5 1 Byte [ FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleCursorMode + 48 7C8747C7 8 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCursorMode + F 7C87480E 32 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCursorMode + 32 7C874831 6 Bytes [ FF, FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCursorMode + 3B 7C87483A 13 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCursorMode + 4B 7C87484A 1 Byte [ FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCursorMode + 4D 7C87484C 8 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!RegisterConsoleOS2 + 2 7C8748CB 53 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!RegisterConsoleOS2 + 3A 7C874903 1 Byte [ FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!RegisterConsoleOS2 + 3C 7C874905 8 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!RegisterConsoleOS2 + 47 7C874910 3 Bytes [ FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!RegisterConsoleOS2 + 4B 7C874914 2 Bytes [ FF, FF ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleOS2OemFormat + 2 7C87493F 53 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleOS2OemFormat + 3A 7C874977 1 Byte [ FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleOS2OemFormat + 3C 7C874979 8 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleOS2OemFormat + 47 7C874984 3 Bytes [ FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleOS2OemFormat + 4B 7C874988 2 Bytes [ FF, FF ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!RegisterConsoleIME + 28 7C874AE1 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!RegisterConsoleIME + 32 7C874AEB 33 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!RegisterConsoleIME + 54 7C874B0D 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!RegisterConsoleIME + 64 7C874B1D 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!RegisterConsoleIME + 72 7C874B2B 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!UnregisterConsoleIME + 2D 7C874BB3 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!UnregisterConsoleIME + 31 7C874BB7 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!UnregisterConsoleIME + 41 7C874BC7 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!UnregisterConsoleIME + 43 7C874BC9 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!UnregisterConsoleIME + 4D 7C874BD3 4 Bytes [ 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleNlsMode + 5 7C874F8C 30 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleNlsMode + 26 7C874FAD 38 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleNlsMode + 4D 7C874FD4 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleNlsMode + 4F 7C874FD6 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleNlsMode + 72 7C874FF9 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleNlsMode + B 7C8750E4 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleNlsMode + 1B 7C8750F4 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleNlsMode + 3C 7C875115 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleNlsMode + 3E 7C875117 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetConsoleNlsMode + 56 7C87512F 110 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCharType + 5 7C8751A8 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCharType + 20 7C8751C3 39 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCharType + 48 7C8751EB 109 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCharType + B6 7C875259 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetConsoleCharType + D2 7C875275 41 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetLastConsoleEventActive + A 7C8754DD 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!VDMConsoleOperation + 5 7C8754E9 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!VDMConsoleOperation + 21 7C875505 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!VDMConsoleOperation + 27 7C87550B 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!VDMConsoleOperation + 48 7C87552C 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!VDMConsoleOperation + 53 7C875537 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumCalendarInfoExA + 9 7C875752 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumCalendarInfoExA + 1E 7C875767 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumTimeFormatsA + 7 7C875773 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumTimeFormatsA + 19 7C875785 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumDateFormatsA + 7 7C875791 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumDateFormatsA + 9 7C875793 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumDateFormatsA + 1B 7C8757A5 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumDateFormatsExA + 9 7C8757B3 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemLanguageGroupsA + 2 7C8757CC 5 Bytes [ FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemLanguageGroupsA + 8 7C8757D2 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemLanguageGroupsA + B 7C8757D5 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemLanguageGroupsA + E 7C8757D8 17 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumLanguageGroupLocalesA + 2 7C8757EA 5 Bytes [ FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumLanguageGroupLocalesA + 8 7C8757F0 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumLanguageGroupLocalesA + B 7C8757F3 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumLanguageGroupLocalesA + E 7C8757F6 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumLanguageGroupLocalesA + 11 7C8757F9 17 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumUILanguagesA + 2 7C87580B 5 Bytes [ FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumUILanguagesA + 8 7C875811 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumUILanguagesA + B 7C875814 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumUILanguagesA + E 7C875817 6 Bytes [ FF, FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumUILanguagesA + 15 7C87581E 10 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemCodePagesA + 2 7C875829 5 Bytes [ FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemCodePagesA + 8 7C87582F 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemCodePagesA + B 7C875832 17 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetGeoInfoA + 2 7C875844 35 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetGeoInfoA + 28 7C87586A 4 Bytes [ FF, FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetGeoInfoA + 2F 7C875871 17 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetGeoInfoA + 41 7C875883 4 Bytes [ FF, FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetGeoInfoA + 46 7C875888 5 Bytes [ FF, FF, FF, FF, FF ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetLocaleInfoA + 2 7C8758CD 15 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetLocaleInfoA + 12 7C8758DD 5 Bytes [ FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetLocaleInfoA + 18 7C8758E3 9 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetLocaleInfoA + 22 7C8758ED 8 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetLocaleInfoA + 2C 7C8758F7 4 Bytes [ FF, FF, FF, FF ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCalendarInfoA + 2 7C87596D 35 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCalendarInfoA + 27 7C875992 23 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCalendarInfoA + 40 7C8759AB 20 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCalendarInfoA + 55 7C8759C0 16 Bytes [ FF, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCalendarInfoA + 66 7C8759D1 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetCalendarInfoA + B 7C875AE1 57 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetCalendarInfoA + 45 7C875B1B 34 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetCalendarInfoA + 69 7C875B3F 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetCalendarInfoA + 7F 7C875B55 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetCalendarInfoA + 85 7C875B5B 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCurrencyFormatA + B 7C875B84 63 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCurrencyFormatA + 4C 7C875BC5 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCurrencyFormatA + 55 7C875BCE 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCurrencyFormatA + 62 7C875BDB 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCurrencyFormatA + 6A 7C875BE3 42 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!FoldStringA + B 7C875EBC 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!FoldStringA + 2D 7C875EDE 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!FoldStringA + 37 7C875EE8 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!FoldStringA + 3F 7C875EF0 61 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!FoldStringA + 7E 7C875F2F 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCPInfoExA + B 7C876052 44 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCPInfoExA + 39 7C876080 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCPInfoExA + 45 7C87608C 61 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetCPInfoExA + 83 7C8760CA 62 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetStringTypeExA + 3A 7C876109 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetStringTypeExA + 4B 7C87611A 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetStringTypeExA + 51 7C876120 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetStringTypeExA + 56 7C876125 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetStringTypeExA + 65 7C876134 4 Bytes [ 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!NlsResetProcessLocale + 11 7C8763DA 14 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!NlsResetProcessLocale + 20 7C8763E9 7 Bytes [ FF, FF, FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!IsValidLanguageGroup + 2 7C8763F1 21 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!IsValidLanguageGroup + 1A 7C876409 8 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!IsValidLanguageGroup + 23 7C876412 21 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!IsValidLanguageGroup + 39 7C876428 38 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!IsValidLanguageGroup + 60 7C87644F 13 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!IsValidUILanguage + 2 7C8764FD 34 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!IsValidUILanguage + 26 7C876521 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!IsValidUILanguage + 2A 7C876525 34 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!IsValidUILanguage + 4E 7C876549 1 Byte [ FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!IsValidUILanguage + 50 7C87654B 5 Bytes [ FF, FF, FF, FF, FF ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetCalendarInfoW + 2A 7C876D45 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetCalendarInfoW + 2D 7C876D48 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetCalendarInfoW + 35 7C876D50 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetCalendarInfoW + 38 7C876D53 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetCalendarInfoW + 4E 7C876D69 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetLocaleInfoW + B 7C876E7E 46 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetLocaleInfoW + 3A 7C876EAD 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetLocaleInfoW + 3D 7C876EB0 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetLocaleInfoW + 4C 7C876EBF 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetLocaleInfoW + 4F 7C876EC2 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemLanguageGroupsW + 19 7C8786FE 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumLanguageGroupLocalesW + 1C 7C87871F 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemLocalesW + 16 7C87873A 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemCodePagesW + 16 7C878755 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumCalendarInfoW + 7 7C878761 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumCalendarInfoW + 1E 7C878778 34 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumCalendarInfoExW + 1E 7C87879B 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumDateFormatsExW + 15 7C8787B5 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumDateFormatsExW + 1B 7C8787BB 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumDateFormatsExW + 31 7C8787D1 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumDateFormatsExW + 38 7C8787D8 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumDateFormatsExW + 4D 7C8787ED 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetGeoInfoW + B 7C878852 55 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetGeoInfoW + 43 7C87888A 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetGeoInfoW + 46 7C87888D 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetGeoInfoW + 5D 7C8788A4 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!GetGeoInfoW + 60 7C8788A7 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemGeoID + 21 7C878BFA 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemGeoID + 2E 7C878C07 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemGeoID + 35 7C878C0E 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemGeoID + 48 7C878C21 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!EnumSystemGeoID + 53 7C878C2C 30 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] kernel32.dll!SetUserGeoID + B 7C878C67 50 Bytes [ 00, 00,
  • 0

#5
Chris H
Posted 18 January 2007 - 07:53 AM

Chris H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcExceptionFilter + 27 77EA3DBE 42 Bytes [ 8A, FF, 9E, 90, 8A, FF, 9E, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcExceptionFilter + 52 77EA3DE9 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcExceptionFilter + 58 77EA3DEF 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcExceptionFilter + 61 77EA3DF8 76 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcExceptionFilter + AF 77EA3E46 4 Bytes [ 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!UuidFromStringW + 48 77EA481B 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!UuidEqual + E 77EA482E 41 Bytes [ 00, 00, 40, 79, B5, FF, 47, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!UuidEqual + 38 77EA4858 29 Bytes [ 47, 87, CE, FF, 40, 79, B5, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!UuidEqual + 56 77EA4876 41 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!UuidEqual + 80 77EA48A0 22 Bytes [ F9, DD, CF, FF, E1, 55, 12, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!UuidEqual + 97 77EA48B7 44 Bytes [ FF, DF, 48, 00, FF, E0, 4E, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingIsClientLocal + C 77EA4EB3 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingIsClientLocal + 11 77EA4EB8 146 Bytes [ 7B, 60, 54, CC, D6, CB, BF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingIsClientLocal + A4 77EA4F4B 40 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingIsClientLocal + CD 77EA4F74 123 Bytes [ B8, C4, D4, FF, B8, C4, D4, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingIsClientLocal + 149 77EA4FF0 19 Bytes [ E3, 91, 6C, FF, E3, 91, 6C, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!GlobalMutexClearExternal + 60 77EB63CE 115 Bytes [ 00, 00, 00, 00, 00, 00, D0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!GlobalMutexClearExternal + D6 77EB6444 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!GlobalMutexClearExternal + DA 77EB6448 16 Bytes [ D0, D6, 93, 61, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!GlobalMutexClearExternal + EB 77EB6459 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!GlobalMutexClearExternal + F9 77EB6467 218 Bytes [ 00, 68, 42, 95, 61, 48, 44, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcNsInterfaceExported + C 77EB6F4B 36 Bytes [ 00, 49, 50, 61, 72, 65, 6E, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcNsInterfaceExported + 31 77EB6F70 141 Bytes [ 49, 52, 65, 73, 6F, 6C, 76, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!DceErrorInqTextA + 2D 77EB6FFE 8 Bytes [ 68, 65, EA, 0F, 94, 61, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!DceErrorInqTextA + 37 77EB7008 49 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!DceErrorInqTextW + 16 77EB703B 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!DceErrorInqTextW + 1C 77EB7041 51 Bytes [ 47, 96, 61, F4, 46, 96, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!DceErrorInqTextW + 50 77EB7075 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqComTimeout + C 77EB7086 17 Bytes [ 00, 00, 8A, 50, 93, 61, FE, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqComTimeout + 1E 77EB7098 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqComTimeout + 20 77EB709A 15 Bytes [ 00, 00, 00, 00, 00, 00, 08, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqComTimeout + 30 77EB70AA 93 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcConnectionSetSockBuffSize + E 77EB7109 88 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcPauseExecution + 1C 77EB7163 123 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcEpResolveBinding + 20 77EB71DF 14 Bytes [ 00, D0, D6, 93, 61, 8A, 50, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcEpResolveBinding + 30 77EB71EF 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcEpResolveBinding + 41 77EB7200 16 Bytes [ 8A, 50, 93, 61, BE, 11, 94, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcNsBindingInqEntryNameW + C 77EB7211 99 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcNsBindingSetEntryNameW + 1D 77EB7275 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcNsBindingSetEntryNameW + 1F 77EB7277 28 Bytes [ 00, D0, D6, 93, 61, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcNsBindingSetEntryNameW + 3D 77EB7295 73 Bytes [ 00, 00, 00, 60, 47, 96, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingInqSecurityContext + 41 77EB72DF 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTurnOnEEInfoPropagation + A 77EB72EE 35 Bytes [ 00, 00, 8A, 50, 93, 61, B6, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingReset + 1C 77EB7312 88 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingInqAuthInfoW + 36 77EB736B 35 Bytes [ 00, 8A, 50, 93, 61, 3A, 13, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingInqAuthInfoW + 5A 77EB738F 17 Bytes [ 00, 00, 00, 00, 00, 00, 47, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingInqAuthInfoW + 6C 77EB73A1 45 Bytes [ 46, 96, 61, DC, 46, 96, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingInqAuthInfoW + 9A 77EB73CF 53 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingInqAuthInfoW + D0 77EB7405 60 Bytes [ 00, 00, 00, 00, 47, 96, 61, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingInqWireIdForSnego + 3B 77EB78E6 16 Bytes [ 00, 00, A8, 39, 95, 61, C8, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingHandleToAsyncHandle + C 77EB78F7 72 Bytes [ 00, 00, 47, 96, 61, F4, 46, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingHandleToAsyncHandle + 55 77EB7940 16 Bytes [ D0, D6, 93, 61, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingHandleToAsyncHandle + 66 77EB7951 75 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingHandleToAsyncHandle + B2 77EB799D 19 Bytes [ D6, 93, 61, 8A, 50, 93, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingHandleToAsyncHandle + C8 77EB79B3 46 Bytes [ 00, D0, D6, 93, 61, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransIoCancelled + 8B 77EB8212 83 Bytes [ 96, 61, DC, 46, 96, 61, D0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransIoCancelled + DF 77EB8266 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransIoCancelled + E5 77EB826C 120 Bytes [ 00, 00, 00, 00, 48, 35, 95, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransIoCancelled + 15F 77EB82E6 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransIoCancelled + 17E 77EB8305 165 Bytes [ 47, 96, 61, F4, 46, 96, 61, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqDefaultProtectLevel + B 77EB94C0 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqDefaultProtectLevel + 12 77EB94C7 124 Bytes [ 00, D0, D6, 93, 61, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingInqOption + 1E 77EB9544 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingInqOption + 20 77EB9546 43 Bytes [ 00, 00, D0, D6, 93, 61, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingInqOption + 4D 77EB9573 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingInqOption + 52 77EB9578 57 Bytes [ 00, 47, 96, 61, F4, 46, 96, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingInqConnId + 35 77EB95B2 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingInqConnId + 52 77EB95CF 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingInqConnId + 57 77EB95D4 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingInqConnId + 59 77EB95D6 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingInqConnId + 5F 77EB95DC 9 Bytes [ F8, 2D, 95, 61, BC, E5, 93, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcNetworkInqProtseqsW + C 77EB96A9 19 Bytes [ 00, 00, 00, D0, D6, 93, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcNetworkInqProtseqsW + 21 77EB96BE 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcNetworkInqProtseqsW + 25 77EB96C2 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcObjectInqType + F 77EB96D6 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcObjectInqType + 22 77EB96E9 71 Bytes [ 46, 96, 61, DC, 46, 96, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcObjectSetInqFn + 1D 77EB9732 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcObjectSetInqFn + 21 77EB9736 111 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcProtseqVectorFreeW + 45 77EB97A6 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcProtseqVectorFreeW + 4F 77EB97B0 16 Bytes [ 00, 00, 00, 00, C8, 2E, 95, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerInqIf + C 77EB97C1 102 Bytes [ 00, 00, 00, 00, 47, 96, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerUnregisterIfEx + 47 77EB9828 116 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqStats + 63 77EB989D 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqStats + 6B 77EB98A5 76 Bytes CALL 77EFFA3D C:\WINDOWS\system32\RPCRT4.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingInqDynamicEndpointA + 8 77EB98F2 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingInqDynamicEndpointA + 25 77EB990F 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingInqDynamicEndpointA + 3C 77EB9926 91 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingInqDynamicEndpointA + 99 77EB9983 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcBindingInqDynamicEndpointA + A1 77EB998B 106 Bytes [ 00, 00, 00, 00, 00, 08, 2F, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcGetAuthorizationContextForClient + 1E 77EB9BC2 13 Bytes [ 00, 00, 8A, 50, 93, 61, 9A, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcGetAuthorizationContextForClient + 2E 77EB9BD2 145 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcGetAuthorizationContextForClient + C0 77EB9C64 43 Bytes [ 00, 47, 96, 61, F4, 46, 96, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcFreeAuthorizationContext + 27 77EB9C90 9 Bytes [ D0, D6, 93, 61, 8A, 50, 93, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqIfIds + 5 77EB9C9A 7 Bytes [ 93, 61, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqIfIds + D 77EB9CA2 27 Bytes [ 00, 00, 00, 00, 00, 00, D0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqIfIds + 29 77EB9CBE 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqIfIds + 41 77EB9CD6 94 Bytes [ 00, 00, 00, 47, 96, 61, F4, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcIfIdVectorFree + 53 77EB9D35 104 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqServerPrincNameW + 65 77EB9D9F 10 Bytes [ 00, 8A, 50, 93, 61, 72, ED, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqServerPrincNameW + 70 77EB9DAA 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqServerPrincNameW + 76 77EB9DB0 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtInqServerPrincNameW + 7A 77EB9DB4 111 Bytes [ 00, 00, 00, 00, F8, 30, 95, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerInqDefaultPrincNameA + 43 77EB9E24 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerInqDefaultPrincNameA + 5D 77EB9E3E 75 Bytes [ 00, 00, 00, 47, 96, 61, F4, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcServerInqLocalConnAddress + 48 77EB9E8B 6 Bytes [ 00, D0, D6, 93, 61, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcServerInqLocalConnAddress + 4F 77EB9E92 14 Bytes [ 00, 00, 8A, 50, 93, 61, 62, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcServerInqLocalConnAddress + 5F 77EB9EA2 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcServerInqLocalConnAddress + 75 77EB9EB8 91 Bytes [ 00, 00, 00, 00, 00, 47, 96, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerUseAllProtseqsEx + 58 77EB9F15 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerUseAllProtseqsEx + 63 77EB9F20 8 Bytes [ 28, 31, 95, 61, 00, EF, 93, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerUseAllProtseqsEx + 6C 77EB9F29 120 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerUseAllProtseqsEx + E5 77EB9FA2 99 Bytes [ 00, 00, 00, 47, 96, 61, F4, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerUseAllProtseqsEx + 149 77EBA006 1 Byte [ 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerUseAllProtseqs + 1E 77EBA04F 102 Bytes [ 00, D0, D6, 93, 61, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerInqCallAttributesW + 56 77EBA0B6 39 Bytes [ 94, 61, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerInqCallAttributesW + 7F 77EBA0DF 16 Bytes [ 00, 00, 00, 00, 00, 48, 3B, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerInqCallAttributesW + 90 77EBA0F0 90 Bytes [ 00, 00, 00, 00, 00, 47, 96, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcSessionStrictContextHandle + 56 77EBA14B 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcSessionStrictContextHandle + 74 77EBA169 87 Bytes [ 47, 96, 61, F4, 46, 96, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcSessionStrictContextHandle + CC 77EBA1C1 56 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcSessionStrictContextHandle + 105 77EBA1FA 44 Bytes [ 96, 61, B8, 46, 96, 61, AC, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcSessionStrictContextHandle + 133 77EBA228 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcDeleteMutex + 17 77EBB0CB 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcEnableWmiTrace + 12 77EBB0E2 118 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcEnableWmiTrace + 89 77EBB159 228 Bytes [ 31, 94, 61, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcEnableWmiTrace + 16E 77EBB23E 194 Bytes [ 93, 61, 12, 32, 94, 61, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcReallocPipeBuffer + 20 77EBB301 90 Bytes [ 5B, C0, 06, 32, 5B, 62, 5B, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcServerInqTransportType + 26 77EBB35D 20 Bytes [ 47, 96, 61, F4, 46, 96, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcServerInqTransportType + 3B 77EBB372 41 Bytes [ 96, 61, C4, 46, 96, 61, B8, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcServerInqTransportType + 65 77EBB39C 28 Bytes [ D0, D6, 93, 61, 8A, 50, 93, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcServerInqTransportType + 83 77EBB3BA 23 Bytes [ 00, 00, 8A, 50, 93, 61, 7E, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcServerInqTransportType + 9B 77EBB3D2 80 Bytes [ 00, 00, 78, 3F, 95, 61, B4, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerYield + C 77EBB452 84 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerTestCancel + 22 77EBB4A8 21 Bytes [ 8A, 50, 93, 61, 7A, 34, 94, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerTestCancel + 39 77EBB4BF 78 Bytes [ 00, 98, 3F, 95, 61, A0, 34, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcGetExtendedError + 21 77EBB50E 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcGetExtendedError + 23 77EBB510 56 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcCancelThread + 7 77EBB549 87 Bytes [ 47, 96, 61, F4, 46, 96, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcCancelThreadEx + 37 77EBB5A1 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcCancelThreadEx + 41 77EBB5AB 12 Bytes [ 00, B8, 3F, 95, 61, 8C, 35, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcCancelThreadEx + 4F 77EBB5B9 70 Bytes [ 00, 00, 00, 00, 47, 96, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcCancelThreadEx + 98 77EBB602 25 Bytes [ 00, 00, 00, 00, 00, 00, D0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcCancelThreadEx + B3 77EBB61D 95 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcServerAllocateIpPort + 90 77EBC552 11 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcServerAllocateIpPort + 9C 77EBC55E 23 Bytes [ FF, FF, BC, 1F, E6, 1F, 0A, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcServerAllocateIpPort + B4 77EBC576 206 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerUseProtseqIfExA + 50 77EBC645 93 Bytes [ 47, 96, 61, F4, 46, 96, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcNsBindingInqEntryNameA + 25 77EBC6A4 112 Bytes [ 00, 00, 00, 00, D0, D6, 93, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcNsBindingInqEntryNameA + 96 77EBC715 156 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerInqCallAttributesA + 42 77EBC7B3 248 Bytes [ 00, 00, 00, 00, 00, 08, 33, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcServerInqCallAttributesA + 13B 77EBC8AC 255 Bytes [ 88, 33, 95, 61, 8C, F8, 93, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingSetAuthInfoExA + 46 77EBC9AC 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingSetAuthInfoExA + 49 77EBC9AF 73 Bytes [ 00, 00, 47, 96, 61, F4, 46, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingSetAuthInfoExA + 95 77EBC9FB 234 Bytes [ 00, 8A, 50, 93, 61, D2, F9, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingSetAuthInfoExA + 181 77EBCAE7 25 Bytes [ 00, 00, 00, 00, 00, D0, D6, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingSetAuthInfoExA + 19B 77EBCB01 116 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcCertGeneratePrincipalNameA + B 77EBCB76 104 Bytes [ 00, 00, 00, 00, 00, 00, D0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcNetworkInqProtseqsA + 10 77EBCBE0 33 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcNetworkInqProtseqsA + 32 77EBCC02 8 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcNetworkInqProtseqsA + 3B 77EBCC0B 3 Bytes [ FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcNetworkInqProtseqsA + 3F 77EBCC0F 17 Bytes [ 00, D0, D6, 93, 61, 8A, 50, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcNetworkInqProtseqsA + 51 77EBCC21 37 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!UuidFromStringA + 16 77EBCC47 122 Bytes [ 00, 60, 47, 96, 61, 60, 47, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!UuidFromStringA + 91 77EBCCC2 13 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!UuidFromStringA + 9F 77EBCCD0 16 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!UuidFromStringA + B0 77EBCCE1 10 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingInqAuthInfoA + 2 77EBCCEC 4 Bytes [ FF, FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingInqAuthInfoA + 7 77EBCCF1 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingInqAuthInfoA + 9 77EBCCF3 60 Bytes [ 00, D0, D6, 93, 61, 8A, 50, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingSetAuthInfoA + 1E 77EBCD31 10 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingSetAuthInfoA + 29 77EBCD3C 7 Bytes [ FF, FF, FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingSetAuthInfoA + 32 77EBCD45 115 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingSetAuthInfoA + A6 77EBCDB9 28 Bytes [ 47, 96, 61, 60, 47, 96, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcBindingSetAuthInfoA + C3 77EBCDD6 53 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransDatagramAllocate2 + 8 77EBD680 147 Bytes [ 5C, 5B, 00, 00, C2, 04, F2, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransDatagramAllocate2 + 9C 77EBD714 32 Bytes [ 4E, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransDatagramAllocate2 + BE 77EBD736 6 Bytes [ 00, 00, DA, 7E, 95, 61 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransDatagramAllocate2 + C7 77EBD73F 12 Bytes [ 00, 00, 00, 06, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransDatagramAllocate2 + D4 77EBD74C 40 Bytes [ 00, 00, 00, 00, 90, 86, 95, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransDatagramFree + C7 77EBE133 7 Bytes [ 02, 08, 01, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransDatagramFree + CF 77EBE13B 24 Bytes [ 00, 13, 00, 04, 00, 3C, 04, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransDatagramFree + E8 77EBE154 79 Bytes [ 24, 00, 44, 02, 08, 01, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransDatagramFree + 138 77EBE1A4 34 Bytes [ 00, 00, 00, 00, 12, C1, 04, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_RpcTransDatagramFree + 15C 77EBE1C8 41 Bytes [ 00, 00, 00, 00, 0A, 01, 04, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!UuidHash + 1C 77EBF910 22 Bytes [ 54, 00, 0E, 04, 78, 35, 93, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!UuidIsNil + E 77EBF927 52 Bytes [ 00, 00, 00, 00, 00, 78, 35, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!I_UuidCreate + 1E 77EBF95C 199 Bytes [ 00, 47, 96, 61, F4, 46, 96, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcAsyncGetCallStatus + 2E 77EBFA25 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcAsyncGetCallStatus + 33 77EBFA2A 118 Bytes [ 00, 00, 78, 35, 93, 61, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcAsyncCancelCall + 3F 77EBFAA2 173 Bytes [ 00, 00, 78, 35, 93, 61, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcAsyncCancelCall + EE 77EBFB51 114 Bytes [ 47, 96, 61, F4, 46, 96, 61, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcAsyncCancelCall + 161 77EBFBC4 5 Bytes [ 00, 47, 96, 61, F4 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcAsyncCancelCall + 167 77EBFBCA 66 Bytes [ 96, 61, E2, 2B, 96, 61, E8, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcAsyncCancelCall + 1AB 77EBFC0E 62 Bytes [ 00, 00, 0A, 2A, 93, 61, E6, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcCertGeneratePrincipalNameW + 43 77EC052A 10 Bytes [ 00, 00, 3C, 47, 96, 61, 30, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcCertGeneratePrincipalNameW + 4F 77EC0536 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcCertGeneratePrincipalNameW + 5A 77EC0541 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcCertGeneratePrincipalNameW + 78 77EC055F 69 Bytes [ 00, FC, 24, 93, 61, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcCertGeneratePrincipalNameW + BE 77EC05A5 1 Byte [ 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcEpRegisterNoReplaceW + 41 77EC09C8 73 Bytes [ 65, 53, 74, 61, 74, 75, 73, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcEpUnregister + 33 77EC0A12 5 Bytes [ 14, 00, 08, 00, 24 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcEpUnregister + 39 77EC0A18 13 Bytes [ 45, 04, 08, 03, 02, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcEpUnregister + 47 77EC0A26 1 Byte [ 08 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcEpUnregister + 49 77EC0A28 43 Bytes [ 13, 00, 08, 00, 8E, 00, 50, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcEpUnregister + 75 77EC0A54 39 Bytes [ 04, 00, 08, 00, 70, 00, 08, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorSaveErrorInfo + 29 77EC137E 117 Bytes [ 95, 4F, BB, 81, 8E, 91, 0B, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorSaveErrorInfo + 9F 77EC13F4 336 Bytes [ 1C, 51, 3A, 34, 2F, B3, 48, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorSaveErrorInfo + 1F0 77EC1545 462 Bytes [ 27, D3, 54, E2, A0, 23, 89, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorSaveErrorInfo + 3BF 77EC1714 11 Bytes [ 44, 01, 08, 01, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorSaveErrorInfo + 3CB 77EC1720 1 Byte [ 04 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorEndEnumeration + 22 77EC199C 58 Bytes [ 18, 00, 13, 01, 0C, 00, 2C, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorLoadErrorInfo + 29 77EC19D7 137 Bytes [ 00, 00, 00, 05, 00, 08, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorLoadErrorInfo + B3 77EC1A61 218 Bytes [ 00, 06, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorLoadErrorInfo + 18E 77EC1B3C 292 Bytes [ 49, 45, 6E, 75, 6D, 53, 54, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorLoadErrorInfo + 2B3 77EC1C61 8 Bytes [ 00, 33, 6C, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorLoadErrorInfo + 2BC 77EC1C6A 209 Bytes [ 10, 00, 08, 00, 08, 00, 46, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorAddRecord + 2C 77EC1F0B 100 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorClearInformation + 5 77EC1F70 126 Bytes [ 1A, 01, 4A, 01, 7A, 01, 9E, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorClearInformation + 84 77EC1FEF 380 Bytes [ FF, 00, 00, 00, 00, 30, 5E, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcErrorClearInformation + 201 77EC216C 360 Bytes [ 55, 8B, EC, 56, 57, 6A, 04, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqBegin + ED 77EC22D5 118 Bytes [ F8, 83, 7D, F8, 00, 7E, 09, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqBegin + 164 77EC234C 6 Bytes [ 10, 59, 8B, 45, FC, 8B ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqBegin + 16B 77EC2353 32 Bytes CALL 034DBA49
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqBegin + 18D 77EC2375 53 Bytes [ 8B, 45, E0, 89, 45, F8, 83, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqBegin + 1C3 77EC23AB 127 Bytes [ 6A, 10, 59, A1, 20, F6, 96, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqNextA + 5 77EC242B 54 Bytes [ 7C, 14, 8B, 45, FC, 83, C0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqNextA + 3C 77EC2462 12 Bytes [ 89, 45, E4, 8B, 45, E4, 89, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqNextA + 49 77EC246F 27 Bytes [ 45, F8, 83, 7D, F8, 00, 7C, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqNextA + 65 77EC248B 51 Bytes [ 6A, 10, 59, 8B, 45, FC, 8B, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqNextA + 99 77EC24BF 53 Bytes [ 7C, 13, 8B, 45, FC, 40, 40, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpUnregister + 30 77EC26F1 33 Bytes [ 00, 6A, 10, 59, 8B, 45, FC, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpUnregister + 52 77EC2713 234 Bytes [ 89, 45, EC, 8B, 45, EC, 89, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpUnregister + 13D 77EC27FE 47 Bytes [ 0C, 83, 20, 00, 33, C0, 40, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpUnregister + 16D 77EC282E 119 Bytes [ 0B, 8B, 45, 0C, 83, 20, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpUnregister + 1E5 77EC28A6 17 Bytes [ FC, 8B, 04, 85, 04, FB, 96, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqNextW + 4 77EC2915 22 Bytes [ 45, E0, 89, 45, F8, 83, 7D, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqNextW + 1B 77EC292C 34 Bytes [ 02, EB, 47, 8B, 45, FC, 40, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqNextW + 3E 77EC294F 31 Bytes [ 75, 08, 33, C0, 89, 45, DC, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtEpEltInqNextW + 5F 77EC2970 122 Bytes [ F8, 00, 74, 02, EB, 0D, 8B, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtSetAuthorizationFn + 6D 77EC29EB 16 Bytes [ 10, 59, 8B, 45, FC, 8B, 04, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtSetAuthorizationFn + 7E 77EC29FC 33 Bytes [ 08, 33, C0, 89, 45, EC, F3, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtSetAuthorizationFn + A0 77EC2A1E 7 Bytes [ 7C, 13, 8B, 45, FC, 40, 40 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtSetAuthorizationFn + A8 77EC2A26 126 Bytes [ 45, FC, 83, 7D, F8, 00, 75, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcMgmtSetAuthorizationFn + 127 77EC2AA5 120 Bytes [ 83, D8, FF, 89, 45, DC, 8B, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!NdrCreateServerInterfaceFromStub + 4D 77EC9B68 18 Bytes [ 45, 08, 8B, 08, 50, 46, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!NdrCreateServerInterfaceFromStub + 60 77EC9B7B 24 Bytes [ 8B, FF, 55, 8B, EC, 6A, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!NdrCreateServerInterfaceFromStub + 79 77EC9B94 1 Byte [ 6A ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!NdrCreateServerInterfaceFromStub + 7B 77EC9B96 28 Bytes [ FF, 75, 0C, FF, 15, 74, 19, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!NdrCreateServerInterfaceFromStub + 98 77EC9BB3 49 Bytes [ 75, 0C, FF, 15, 38, 18, 1E, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcAsyncRegisterInfo + 19 77ECA702 37 Bytes [ 56, 89, BD, F4, FD, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcAsyncRegisterInfo + 3F 77ECA728 14 Bytes [ 00, 57, 8D, 85, FC, FD, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcAsyncRegisterInfo + 4F 77ECA738 31 Bytes [ 0F, 8C, 1D, 01, 00, 00, 57, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcAsyncRegisterInfo + 6F 77ECA758 15 Bytes [ FF, 8D, 85, FC, FD, FF, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcAsyncRegisterInfo + 7F 77ECA768 18 Bytes [ 0F, 8C, ED, 00, 00, 00, 83, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcSsContextLockShared + 42 77ED00A3 34 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcSsContextLockShared + 65 77ED00C6 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcSsContextLockShared + 68 77ED00C9 37 Bytes [ E5, FF, FF, 90, E6, FE, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcSsContextLockShared + 8E 77ED00EF 36 Bytes [ FF, 90, DC, FC, FF, 91, DC, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcSsContextLockShared + B3 77ED0114 31 Bytes [ 89, DA, FB, FF, 89, DA, FB, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!NDRSContextMarshallEx + 2 77ED01D8 42 Bytes [ 88, D9, FB, FF, 88, D9, FB, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!NDRSContextMarshall + 7 77ED0203 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!NDRSContextMarshall + 24 77ED0220 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!NDRSContextUnmarshall + 7 77ED022C 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!NDRSContextUnmarshall + 21 77ED0246 17 Bytes [ 00, 00, 9A, EB, FD, FF, 9F, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!NDRSContextUnmarshallEx + D 77ED0258 23 Bytes [ 99, D9, EF, FF, 8A, D0, F1, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!MIDL_wchar_strlen + 2 77ED0270 59 Bytes [ 91, DC, FB, FF, 91, DC, FB, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!MIDL_wchar_strcpy + 1E 77ED02AC 51 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!char_from_ndr + 2F 77ED02E0 91 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!char_array_from_ndr + 57 77ED033C 70 Bytes [ 8D, E3, FF, 8A, 8D, E3, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcSsGetContextBinding + 38 77ED0383 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcSsGetContextBinding + 3A 77ED0385 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcSsGetContextBinding + 3E 77ED0389 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcSsGetContextBinding + 45 77ED0390 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!RpcSsGetContextBinding + 66 77ED03B1 114 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!NDRcopy + 24 77ED044D 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!data_from_ndr + C 77ED045E 39 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!data_from_ndr + 35 77ED0487 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!data_from_ndr + 45 77ED0497 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!data_from_ndr + 58 77ED04AA 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!data_from_ndr + 5E 77ED04B0 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!data_size_ndr + 45 77ED08D3 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!data_size_ndr + 4A 77ED08D8 187 Bytes [ 6D, 68, 6C, 4B, 88, 81, 84, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!data_size_ndr + 106 77ED0994 18 Bytes [ 77, C3, E3, FF, 76, C3, E2, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!data_size_ndr + 119 77ED09A7 52 Bytes [ FF, 75, C1, E0, FF, 75, C0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!data_size_ndr + 14E 77ED09DC 35 Bytes [ 00, 00, 00, 00, 68, 63, 66, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!tree_size_ndr + 79 77ED0AC0 75 Bytes [ 40, 60, 6E, DF, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!tree_size_ndr + C5 77ED0B0C 119 Bytes [ 35, 66, 7C, FF, 4A, 82, 9A, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll!tree_size_ndr + 13D 77ED0B84 7 Bytes [ 22, 3D, 49, FF, 1D, 34, 3F ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] RPCRT4.dll&#
  • 0

#6
Chris H
Posted 18 January 2007 - 07:57 AM

Chris H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAInstallServiceClassW + 2C 71ABFBDD 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAInstallServiceClassW + 36 71ABFBE7 66 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAInstallServiceClassW + 7A 71ABFC2B 107 Bytes [ 00, 9F, C8, 00, 00, 16, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAInstallServiceClassW + E6 71ABFC97 62 Bytes [ 00, 30, 00, 00, 00, 70, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSARemoveServiceClass + 3A 71ABFCD6 62 Bytes [ C6, 01, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSARemoveServiceClass + 7A 71ABFD16 63 Bytes [ 02, 00, 76, 00, 00, 00, 18, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSARemoveServiceClass + BB 71ABFD57 42 Bytes [ 00, 20, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSARemoveServiceClass + E6 71ABFD82 41 Bytes [ 62, 00, 5F, 00, 30, 00, 30, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassNameByClassIdA + 26 71ABFDAD 83 Bytes [ 00, 00, 00, 11, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassNameByClassIdA + 7A 71ABFE01 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassNameByClassIdA + 95 71ABFE1C 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassNameByClassIdA + 9C 71ABFE23 45 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassNameByClassIdA + CB 71ABFE52 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassNameByClassIdW + 26 71ABFF8F 54 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassNameByClassIdW + 5E 71ABFFC7 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassNameByClassIdW + 63 71ABFFCC 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassNameByClassIdW + 73 71ABFFDC 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassNameByClassIdW + 7A 71ABFFE3 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassInfoW + 17 71AC0158 7 Bytes [ D8, B8, 93, 00, FF, DC, B3 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassInfoW + 1F 71AC0160 7 Bytes [ DA, BD, 9B, 00, F4, D6, B1 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassInfoW + 27 71AC0168 11 Bytes [ E7, CA, A8, 00, FF, E5, C6, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassInfoW + 33 71AC0174 23 Bytes [ FC, E3, C5, 00, CB, B8, A2, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetServiceClassInfoW + 4B 71AC018C 8 Bytes [ FF, E7, C9, 00, FF, EA, CF, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASetServiceW + 1A 71AC0283 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASetServiceW + 28 71AC0291 55 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASetServiceW + 62 71AC02CB 51 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASetServiceW + 97 71AC0300 70 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASetServiceW + DF 71AC0348 53 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAInstallServiceClassA + A 71AC03B3 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAInstallServiceClassA + 11 71AC03BA 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAInstallServiceClassA + 20 71AC03C9 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAInstallServiceClassA + 24 71AC03CD 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAInstallServiceClassA + 33 71AC03DC 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASetServiceA + 3F 71AC04F9 115 Bytes [ 3F, 00, 00, FE, 1F, 3E, 76, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASetServiceA + B5 71AC056F 166 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASetServiceA + 15C 71AC0616 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASetServiceA + 171 71AC062B 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASetServiceA + 18D 71AC0647 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAAsyncSelect + 69 71AC09E2 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAAsyncSelect + 72 71AC09EB 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAAsyncSelect + 7B 71AC09F4 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAAsyncSelect + 8C 71AC0A05 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASendDisconnect + 20 71AC0A2A 66 Bytes [ 00, 00, 55, 2A, 15, 01, 55, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASendDisconnect + 63 71AC0A6D 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASendDisconnect + 6C 71AC0A76 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASendDisconnect + 75 71AC0A7F 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASendDisconnect + 86 71AC0A90 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASendTo + 1B 71AC0AB0 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASendTo + 34 71AC0AC9 58 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASendTo + 6F 71AC0B04 43 Bytes [ E5, BA, 8F, FF, E3, B8, 8E, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASendTo + 9C 71AC0B31 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSASendTo + A5 71AC0B3A 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!getpeername + 1A 71AC0B6A 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!getpeername + 20 71AC0B70 91 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!getpeername + 7C 71AC0BCC 20 Bytes [ B5, 81, 52, FD, 55, 2A, 15, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!shutdown + 3 71AC0BE1 22 Bytes [ 2A, 15, 16, 55, 2A, 15, 0D, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!shutdown + 1A 71AC0BF8 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!shutdown + 20 71AC0BFE 66 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!shutdown + 63 71AC0C41 153 Bytes [ 00, 00, 00, 55, 2A, 15, 01, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAConnect + 72 71AC0CDB 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAConnect + 7B 71AC0CE4 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAConnect + 84 71AC0CED 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAConnect + 95 71AC0CFE 73 Bytes [ 00, 00, 55, 2A, 15, 02, 55, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetOverlappedResult + 45 71AC0D48 57 Bytes [ DC, B6, 91, FF, B3, 89, 66, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetOverlappedResult + 7F 71AC0D82 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAGetOverlappedResult + 9B 71AC0D9E 48 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAAccept + 26 71AC0DCF 40 Bytes [ 5F, 55, 2A, 15, 8B, 55, 2A, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAAccept + 4F 71AC0DF8 95 Bytes [ C8, A6, 84, FF, D9, B4, 90, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAAccept + B0 71AC0E59 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAAccept + C2 71AC0E6B 60 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAAccept + FF 71AC0EA8 11 Bytes [ B8, 99, 79, FF, BA, 99, 7A, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAJoinLeaf + 1A 71AC0F72 37 Bytes [ 8C, FF, D6, B4, 92, FF, DF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAJoinLeaf + 40 71AC0F98 7 Bytes [ BD, 9D, 7E, FF, BB, 9C, 7B ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAJoinLeaf + 48 71AC0FA0 111 Bytes [ B4, 8B, 61, FF, AA, 7B, 50, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAJoinLeaf + B9 71AC1011 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSAJoinLeaf + CB 71AC1023 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!accept + 9 71AC1031 47 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!accept + 3B 71AC1063 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!accept + 4A 71AC1072 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!accept + 62 71AC108A 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!accept + 77 71AC109F 59 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCUpdateProvider + 4D 71AC12C6 5 Bytes [ 6D, 00, 65, 00, 2E ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCUpdateProvider + 53 71AC12CC 15 Bytes [ 72, 00, 75, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCUpdateProvider + 64 71AC12DD 56 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCUpdateProvider + 9F 71AC1318 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCUpdateProvider + B2 71AC132B 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCWriteProviderOrder + 29 71AC1542 1 Byte [ 2D ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCWriteProviderOrder + 2B 71AC1544 33 Bytes [ 73, 00, 65, 00, 61, 00, 72, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCWriteProviderOrder + 4E 71AC1567 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCWriteProviderOrder + 53 71AC156C 35 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCWriteProviderOrder + 77 71AC1590 176 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCInstallProvider + 5 71AC1652 99 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCInstallProvider + 6A 71AC16B7 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCInstallProvider + 6F 71AC16BC 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCInstallProvider + 85 71AC16D2 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCInstallProvider + 89 71AC16D6 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCDeinstallProvider + 37 71AC19E8 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCDeinstallProvider + 3C 71AC19ED 48 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCDeinstallProvider + 6F 71AC1A20 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCDeinstallProvider + 84 71AC1A35 102 Bytes [ 00, 00, 00, 01, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSCDeinstallProvider + EC 71AC1A9D 82 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WPUCompleteOverlappedRequest + 1B 71AC1CC2 10 Bytes [ 68, 00, 65, 00, 2D, 00, 74, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WPUCompleteOverlappedRequest + 26 71AC1CCD 52 Bytes [ 00, 63, 00, 6F, 00, 6D, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WPUCompleteOverlappedRequest + 5B 71AC1D02 30 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WPUCompleteOverlappedRequest + 7B 71AC1D22 85 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WPUCompleteOverlappedRequest + D2 71AC1D79 54 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSApSetPostRoutine + 28 71AC1EF1 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSApSetPostRoutine + 32 71AC1EFB 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSApSetPostRoutine + 35 71AC1EFE 63 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSApSetPostRoutine + 75 71AC1F3E 24 Bytes [ 6F, 00, 63, 00, 65, 00, 6E, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WSApSetPostRoutine + 8E 71AC1F57 38 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WEP + 3 71AC2108 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WEP + 15 71AC211A 34 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WEP + 38 71AC213D 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WEP + 3A 71AC213F 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2_32.dll!WEP + 51 71AC2156 4 Bytes [ 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahNotifyAllProcesses + FFFFD466 71AA1164 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahNotifyAllProcesses + FFFFD46E 71AA116C 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahNotifyAllProcesses + FFFFD472 71AA1170 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahNotifyAllProcesses + FFFFD476 71AA1174 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahNotifyAllProcesses + FFFFD47A 71AA1178 1 Byte [ 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahReferenceContextByHandle + 3A 71AA14DA 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahReferenceContextByHandle + 50 71AA14F0 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahReferenceContextByHandle + 5C 71AA14FC 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahReferenceContextByHandle + 77 71AA1517 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahReferenceContextByHandle + 7E 71AA151E 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCloseThread + C 71AA152F 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCloseThread + 12 71AA1535 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCloseThread + 37 71AA155A 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCloseThread + 3B 71AA155E 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCloseThread + 42 71AA1565 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenCurrentThread + C 71AA1589 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenCurrentThread + 12 71AA158F 35 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenCurrentThread + 36 71AA15B3 1 Byte [ 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenCurrentThread + 38 71AA15B5 30 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenCurrentThread + 57 71AA15D4 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahInsertHandleContext + 3C 71AA1748 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahInsertHandleContext + 46 71AA1752 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahInsertHandleContext + 57 71AA1763 54 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahInsertHandleContext + 8F 71AA179B 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahInsertHandleContext + 9C 71AA17A8 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahRemoveHandleContext + 15 71AA18DD 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahRemoveHandleContext + 3A 71AA1902 53 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahRemoveHandleContext + 70 71AA1938 17 Bytes [ 2D, 00, 31, 00, 2D, 00, 35, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahRemoveHandleContext + 82 71AA194A 5 Bytes [ 35, 00, 38, 00, 35 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahRemoveHandleContext + 88 71AA1950 37 Bytes [ 32, 00, 32, 00, 38, 00, 32, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateHandleContextTable + 1E 71AA1976 7 Bytes [ 30, 00, 32, 00, 34, 00, 30 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateHandleContextTable + 26 71AA197E 80 Bytes [ 30, 00, 32, 00, 31, 00, 36, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateHandleContextTable + 77 71AA19CF 2 Bytes [ FF, 9E ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateHandleContextTable + 7C 71AA19D4 81 Bytes [ 68, 00, 74, 00, 74, 00, 70, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateHandleContextTable + CE 71AA1A26 21 Bytes [ 33, 00, 31, 00, 26, 00, 63, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenApcHelper + 11 71AA1A3C 11 Bytes [ 74, 00, 65, 00, 72, 00, 6D, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenApcHelper + 1D 71AA1A48 1 Byte [ 6F ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenApcHelper + 1F 71AA1A4A 9 Bytes [ 6D, 00, 65, 00, 6C, 00, 65, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenApcHelper + 29 71AA1A54 37 Bytes [ 73, 00, 25, 00, 32, 00, 30, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenApcHelper + 51 71AA1A7C 8 Bytes [ 00, 00, 00, 00, 20, 32, F2, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenNotificationHandleHelper + 11 71AA1C10 11 Bytes [ 30, 00, 20, 00, 28, 00, 63, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenNotificationHandleHelper + 1D 71AA1C1C 1 Byte [ 70 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenNotificationHandleHelper + 1F 71AA1C1E 9 Bytes [ 61, 00, 74, 00, 69, 00, 62, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenNotificationHandleHelper + 29 71AA1C28 39 Bytes [ 65, 00, 3B, 00, 20, 00, 4D, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenNotificationHandleHelper + 51 71AA1C50 26 Bytes [ 20, 00, 4E, 00, 54, 00, 20, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahWaitForNotification + 15 71AA1D14 7 Bytes [ 73, 00, 70, 00, 65, 00, 61 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahWaitForNotification + 1D 71AA1D1C 1 Byte [ 6B ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahWaitForNotification + 1F 71AA1D1E 11 Bytes [ 2B, 00, 6F, 00, 75, 00, 74, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahWaitForNotification + 2B 71AA1D2A 31 Bytes [ 74, 00, 6E, 00, 47, 00, 3D, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahWaitForNotification + 4B 71AA1D4A 7 Bytes [ 68, 00, 26, 00, 6D, 00, 65 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateNotificationHandle + B 71AA20A5 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateNotificationHandle + 2C 71AA20C6 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateNotificationHandle + 35 71AA20CF 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateNotificationHandle + 42 71AA20DC 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateNotificationHandle + 4A 71AA20E4 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahEnumerateHandleContexts + C 71AA22DD 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahEnumerateHandleContexts + 19 71AA22EA 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahEnumerateHandleContexts + 3B 71AA230C 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahEnumerateHandleContexts + 55 71AA2326 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahEnumerateHandleContexts + 5F 71AA2330 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCloseApcHelper + C 71AA236F 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCloseApcHelper + 12 71AA2375 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCloseApcHelper + 25 71AA2388 30 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCloseApcHelper + 45 71AA23A8 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCloseApcHelper + 51 71AA23B4 60 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahQueueUserApc + C 71AA2AC1 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahQueueUserApc + 29 71AA2ADE 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahQueueUserApc + 31 71AA2AE6 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahQueueUserApc + 4B 71AA2B00 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahQueueUserApc + 57 71AA2B0C 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCloseHandleHelper + 2D 71AA30F2 76 Bytes [ 89, 5D, E0, 50, 68, 5C, 78, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateSocketHandle + 35 71AA313F 26 Bytes [ 85, C0, 74, 4F, 8D, 45, D4, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateSocketHandle + 50 71AA315A 31 Bytes [ 75, E4, FF, 15, D4, 10, AB, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateSocketHandle + 70 71AA317A 22 Bytes [ E0, 6A, 04, 8D, 45, E0, 50, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateSocketHandle + 87 71AA3191 84 Bytes [ FF, FF, 75, E4, FF, 15, D8, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCreateSocketHandle + DC 71AA31E6 2 Bytes JMP 718631D4
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCompleteRequest + 47 71AA331F 40 Bytes JMP 71AA09F4 C:\WINDOWS\system32\WS2HELP.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCompleteRequest + 70 71AA3348 40 Bytes JMP 71AA097B C:\WINDOWS\system32\WS2HELP.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahEnableNonIFSHandleSupport + F 71AA3372 182 Bytes [ B8, 7B, 27, 00, 00, E9, 98, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahEnableNonIFSHandleSupport + C7 71AA342A 51 Bytes CALL 71AA1C3F C:\WINDOWS\system32\WS2HELP.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahEnableNonIFSHandleSupport + FB 71AA345E 20 Bytes [ FF, 50, FF, 15, 78, 11, AB, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahEnableNonIFSHandleSupport + 110 71AA3473 33 Bytes CALL 71AA6947 C:\WINDOWS\system32\WS2HELP.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahEnableNonIFSHandleSupport + 132 71AA3495 19 Bytes JMP 71AA1BC9 C:\WINDOWS\system32\WS2HELP.dll
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahDisableNonIFSHandleSupport + 4 71AA3565 60 Bytes [ 9D, D4, FC, FF, FF, E9, 0E, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahDisableNonIFSHandleSupport + 41 71AA35A2 9 Bytes [ BF, 47, 27, 00, 00, E9, 47, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahDisableNonIFSHandleSupport + 4B 71AA35AC 11 Bytes [ 83, 0D, 20, 40, AC, 71, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahDisableNonIFSHandleSupport + 57 71AA35B8 14 Bytes [ 90, 90, 90, 90, 90, 33, C0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahDisableNonIFSHandleSupport + 66 71AA35C7 15 Bytes CALL 38B27B57
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenHandleHelper + 46 71AA38C1 15 Bytes [ 3D, 7C, 27, 00, 00, 0F, 85, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenHandleHelper + 56 71AA38D1 57 Bytes [ FF, 15, A4, 11, AB, 71, E9, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenHandleHelper + 90 71AA390B 67 Bytes [ 00, 00, 85, C0, 74, 69, 89, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenHandleHelper + D5 71AA3950 1 Byte [ D8 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahOpenHandleHelper + D7 71AA3952 143 Bytes [ 15, D8, 10, AB, 71, 85, C0, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahDestroyHandleContextTable + 1 71AA3C83 72 Bytes CALL 712DC771
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahCloseNotificationHandleHelper 71AA3CCF 155 Bytes [ 90, 33, C0, 40, C3, 90, 90, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahNotifyAllProcesses + 6D 71AA3D6B 13 Bytes [ FF, FF, 15, B4, 11, AB, 71, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahNotifyAllProcesses + 7C 71AA3D7A 78 Bytes [ 83, 4D, FC, FF, C7, 45, 0C, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahNotifyAllProcesses + CB 71AA3DC9 13 Bytes CALL 71AA8435
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahNotifyAllProcesses + D9 71AA3DD7 7 Bytes [ 8D, 7E, 0C, EB, 1C, 8B, 0F ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] WS2HELP.dll!WahNotifyAllProcesses + E1 71AA3DDF 13 Bytes [ 01, 89, 07, 51, 89, 4D, F8, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetEnumerateComputerNames + FFFBB3F0 5B861491 33 Bytes [ EC, 83, EC, 14, 53, 8B, 5D, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetEnumerateComputerNames + FFFBB413 5B8614B4 6 Bytes [ FF, 75, 0C, 33, F6, 57 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetEnumerateComputerNames + FFFBB94B 5B8619EC 6 Bytes [ 00, 00, 8B, 89, 0C, 01 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetEnumerateComputerNames + FFFBB953 5B8619F4 34 Bytes [ 3B, CB, 74, 09, FF, 75, 10, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetEnumerateComputerNames + FFFBB977 5B861A18 30 Bytes CALL 5B860E85 C:\WINDOWS\system32\NETAPI32.dll
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpNtStatusToApiStatus + 3F 5B863C4F 24 Bytes JMP 5B85F1D7
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpNtStatusToApiStatus + 58 5B863C68 94 Bytes JMP 5B85F345
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpNtStatusToApiStatus + B7 5B863CC7 18 Bytes [ 94, 06, 00, 00, 8B, 75, 08, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpNtStatusToApiStatus + CA 5B863CDA 3 Bytes [ 80, 7D, 14 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpNtStatusToApiStatus + CE 5B863CDE 16 Bytes [ 0F, 84, 94, 9D, 00, 00, 6A, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetApiBufferFree + 15 5B867765 46 Bytes [ 00, 68, DA, 97, 02, 00, 68, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetApiBufferFree + 44 5B867794 57 Bytes [ 89, 75, C0, 8D, 7E, 04, 89, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetApiBufferFree + 7E 5B8677CE 74 Bytes [ 9A, 01, 00, 33, C0, E8, D8, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetApiBufferFree + C9 5B867819 79 Bytes [ 89, B0, AC, 01, 00, 00, 83, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetApiBufferFree + 119 5B867869 29 Bytes [ A3, A4, A0, 01, 00, C7, 05, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpAccessCheckAndAudit + 21 5B8686EC 20 Bytes [ 15, 18, 8E, 01, 00, 83, 4D, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpAccessCheckAndAudit + 36 5B868701 88 Bytes [ DC, 9A, 00, 00, C0, E9, 19, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpAccessCheckAndAudit + 91 5B86875C 17 Bytes [ 8B, FF, 55, 8B, EC, 51, 8B, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetShareGetInfo + 10 5B86876E 23 Bytes [ DB, 53, 68, 04, A8, 02, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetShareGetInfo + 28 5B868786 1 Byte [ 6A ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetShareGetInfo + 2A 5B868788 32 Bytes [ 53, 53, 53, FF, 75, FC, E8, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetShareGetInfo + 4B 5B8687A9 301 Bytes [ 3B, F3, 0F, 94, C0, 3A, C3, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetShareGetInfo + 179 5B8688D7 6 Bytes [ 00, 53, 68, 6A, A9, 02 ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpDbgPrint + A 5B868A54 16 Bytes JMP 5B863725 C:\WINDOWS\system32\NETAPI32.dll
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpDbgPrint + 1B 5B868A65 5 Bytes [ 53, 68, 92, AA, 02 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpDbgPrint + 22 5B868A6C 150 Bytes [ 1A, 05, 00, 00, 6A, 01, 53, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpDbgPrint + BA 5B868B04 9 Bytes [ 80, 7D, 10, FF, 0F, 84, B9, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpDbgPrint + C4 5B868B0E 37 Bytes JMP 5B8637E9 C:\WINDOWS\system32\NETAPI32.dll
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetApiBufferAllocate + 10 5B868C19 4 Bytes [ FF, 75, E0, 57 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetApiBufferAllocate + 15 5B868C1E 3 Bytes [ 7B, 69, FE ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetApiBufferAllocate + 19 5B868C22 10 Bytes [ 8B, 45, E0, FF, 88, BC, 01, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetApiBufferAllocate + 24 5B868C2D 54 Bytes [ 38, 45, E5, 0F, 84, CC, 12, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpIsRemote + 28 5B868C64 68 Bytes [ EB, 98, 64, 3A, 5C, 6E, 74, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpCopyStringToBuffer + D 5B868CA9 94 Bytes [ 08, 83, B9, 8C, 00, 00, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpCopyStringToBuffer + 6C 5B868D08 19 Bytes [ 45, 08, 85, C0, 74, 04, C6, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpCopyStringToBuffer + 80 5B868D1C 62 Bytes [ 70, 0C, FF, 15, 10, 8F, 01, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpCopyStringToBuffer + C0 5B868D5C 65 Bytes [ F6, 41, 10, 02, 0F, 85, 36, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpCopyStringToBuffer + 102 5B868D9E 27 Bytes [ 15, 50, 8F, 01, 00, 83, F8, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetShareEnum + 2E 5B868E93 34 Bytes [ 81, E6, DE, FE, FF, 3F, 81, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetShareEnum + 51 5B868EB6 5 Bytes [ 75, E0, E9, 6F, 3B ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetShareEnum + 57 5B868EBC 37 Bytes [ FF, 68, FC, 00, 00, 00, 68, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetShareEnum + 7D 5B868EE2 26 Bytes [ 47, 10, 8B, 46, 04, 89, 47, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetShareEnum + 98 5B868EFD 16 Bytes [ 46, 14, 6A, 01, 89, 47, 18, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!I_NetServerSetServiceBitsEx + 30 5B868F90 43 Bytes [ 39, 0A, 0F, 84, 19, CA, FF, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!I_NetServerSetServiceBitsEx + 5D 5B868FBD 45 Bytes [ FF, 8B, 49, 04, 89, 11, 89, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!I_NetServerSetServiceBitsEx + 8B 5B868FEB 66 Bytes [ 15, BC, 8D, 01, 00, E9, E3, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!I_NetServerSetServiceBitsEx + CF 5B86902F 66 Bytes [ 00, 83, 78, 48, 00, 74, 20, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!I_NetServerSetServiceBitsEx + 112 5B869072 26 Bytes CALL 5B84F59A
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetGetJoinInformation + 5B 5B8698FF 146 Bytes JMP 5B85C6A7
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetGetJoinInformation + EE 5B869992 1 Byte [ 6A ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetGetJoinInformation + F0 5B869994 89 Bytes CALL 5B85B442
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetRemoteComputerSupports + 4E 5B8699EF 12 Bytes [ 90, 90, 90, 90, 90, 8B, 45, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetRemoteComputerSupports + 5B 5B8699FC 18 Bytes [ 45, C8, 50, FF, 15, B4, 8D, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetRemoteComputerSupports + 70 5B869A11 3 Bytes [ 8B, 65, E8 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetRemoteComputerSupports + 74 5B869A15 17 Bytes [ 75, C8, FF, 75, 08, E8, A1, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetRemoteComputerSupports + 86 5B869A27 29 Bytes [ FF, C6, 45, E7, 01, 53, 68, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetWkstaGetInfo + B 5B869A45 13 Bytes [ 43, 24, 6A, 00, 68, EC, BA, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetWkstaGetInfo + 19 5B869A53 42 Bytes CALL 5B84F599
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetWkstaGetInfo + 44 5B869A7E 9 Bytes CALL 5B859DFD
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetWkstaGetInfo + 4E 5B869A88 17 Bytes [ C0, 75, 07, C6, 86, 44, 01, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetWkstaGetInfo + 60 5B869A9A 86 Bytes [ C7, 45, DC, 02, 00, 00, C0, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetWkstaUserGetInfo + 19 5B869AF1 127 Bytes [ 5C, 62, 61, 73, 65, 5C, 66, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetWkstaUserGetInfo + 99 5B869B71 2 Bytes [ 59, 08 ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetWkstaUserGetInfo + 9C 5B869B74 93 Bytes [ 5B, 20, C1, EB, 04, F6, C3, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetWkstaUserGetInfo + FA 5B869BD2 189 Bytes [ FF, F6, 05, A8, 99, 01, 00, ... ]
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetWkstaUserGetInfo + 1B8 5B869C90 56 Bytes [ 6A, 00, FF, 75, E0, E8, AB, ... ]
.text ...
.text C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE[4048] NETAPI32.dll!NetpwPathType + 28 5B869E37 18 Bytes CALL 5B855C70
.text C:\
  • 0

#7
Chris H
Posted 18 January 2007 - 07:58 AM

Chris H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-18 13:56:36
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Systemkdmmt.exe = kdmmt.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
!SASWinLogon@DLLName = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Automatic LiveUpdate Scheduler /*Automatic LiveUpdate Scheduler*/@ = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ccProxy /*Symantec Network Proxy*/@ = "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
navapsvc /*Norton AntiVirus Auto-Protect Service*/@ = "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
Symantec Core LC /*Symantec Core LC*/@ = "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RecguardC:\WINDOWS\SMINST\RECGUARD.EXE = C:\WINDOWS\SMINST\RECGUARD.EXE
@S3TRAY2S3tray2.exe = S3tray2.exe
@IgfxTrayC:\WINDOWS\System32\igfxtray.exe = C:\WINDOWS\System32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\System32\hkcmd.exe = C:\WINDOWS\System32\hkcmd.exe
@PS2C:\WINDOWS\system32\ps2.exe = C:\WINDOWS\system32\ps2.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@POINTERpoint32.exe /*file not found*/ = point32.exe /*file not found*/
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@HP Component Manager"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
@HPDJ Taskbar UtilityC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
@HP Software Update"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
@ccApp"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@!AVG Anti-Spyware"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\[email protected] = nvctrl.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MSMSGS"C:\Program Files\Messenger\msmsgs.exe" /background = "C:\Program Files\Messenger\msmsgs.exe" /background
@Microsoft Works Update DetectionC:\Program Files\Microsoft Works\WkDetect.exe /*file not found*/ = C:\Program Files\Microsoft Works\WkDetect.exe /*file not found*/
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@SUPERAntiSpywareC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ >>>
SharedTaskScheduler@{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F} =

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}C:\Program Files\SUPERAntiSpyware\SASSEH.DLL = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealOne Player\rpshell.dll = C:\Program Files\Real\RealOne Player\rpshell.dll
@{eb9ebda0-b3e7-11cf-81c9-0000c0aa665f} /*FTP Explorer Shell Extension*/ftpxext.dll = ftpxext.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
@{9ECB9560-04F9-4bbc-943D-298DDF1699E1}C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
@{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar2.dll = c:\program files\google\googletoolbar2.dll

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.spop@Location = C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft....k/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft....k/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome = http://www.microsoft...p...&ar=msnhome
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
cetihpz@CLSID = C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\Mum and Dad\Start Menu\Programs\Startup = reminder-ScanSoft Product Registration.lnk

---- EOF - GMER 1.0.12 ----
  • 0

#8
Noviciate
Posted 18 January 2007 - 03:24 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download Fixwareout.exe by LonnyRJones from one of these two locations, and save it to your Desktop:

http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

2) Download the trial version of AVG Anti-Spyware from here and save it to your Desktop.
If you already have this program installed, skip to Updating AVG Anti-Spyware: below.

* Please note that this program was formerly known as Ewido anti-spyware 4.0.
Taken from the Ewido website -

ewido anti-spyware 4.0 will now continue under the new product name AVG Anti-Spyware 7.5. AVG Anti-Spyware 7.5 contains the same ewido technology, but with some further enhanced features:

Highly improved cleaning
Lower resource usage
Additional languages supported

All current licenses for ewido anti-spyware 4.0 will continue to be valid, and users can change over to the new AVG Anti-Spyware 7.5 for free.

Double click the avgas-setup file to begin installation and follow the prompts.
When the program has been installed, and you click the Finish button, AVG A-S will open.
  • Updating AVG Anti-Spyware:

    By default AVG A-S is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:
  • Click the Update icon at the top and under "Manual Update" - click the Start update button.
  • Either AVG A-S will update or inform you that no update was available.
  • If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
    Once you have installed AVG A-S, double click avgas-signatures-full-current.exe to update it.

    Disabling the Resident Shield:
  • By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
    (When the PC has been cleaned you can activate the shield again, if you wish.)
  • Click the Shield icon at the top and under "Resident shield is..." - click active.
  • This should now change to inactive.

    Changing Recommended Actions
  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under "How to act?" click Recommended actions and select "Quarantine" from the menu.
You can now close AVG A-S.

AVG A-S is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG A-S will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.

3) You will need to set Windows to show All Hidden Files and Folders.
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

4) You will need to know how to boot into Safe Mode.
Instructions can be found here.

Please Note: You will need to remain connected to the internet during this fix.

Removal

1) Double click Fixwareout.exe to start the Fixwareout Setup Wizard
  • Click Next > Install.
  • Ensure that the box to the left of Run fixit is checked.
  • Click on Finish.
  • Follow the prompts.
  • You will be asked to reboot your computer - please do so. Your system may take longer than usual to load - this is normal.
  • When your system reboots, follow the prompts.
Afterwards HijackThis should launch by itself - if it does not, start it manually.

Click on 'Do a system scan only' and place a checkmark in the boxes to the left of the following entries, by clicking on them:

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E86790F-605C-4C89-B193-557D2972F814}: NameServer = 85.255.115.42,85.255.112.114
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.114
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.114

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

2) Go to Start > Control Panel >Network Connections. Right click your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on Properties.
* Make a note of the settings before you change them just in case you need to put them back how they were.
Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice.

3) Go to Start > Run, enter cmd and click OK.
  • At the Dos Prompt Screen, type in cd\ and then press <ENTER>.
  • Now type in ipconfig /flushdns and then press <ENTER>. (notice the space after ipconfig)
  • Close the command prompt window.
4) Boot into Safe Mode.

5) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

6) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

7) Go to Start > Control Panel > Internet Options.

For I.E. 6 - under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

For I.E. 7 - under Browsing History, click delete...
Under Temporary Internet Files, click Delete files...

8) Ensure that ALL open Windows / Programs / Folders are closed and then run AVG A-S.
  • If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.
  • Click "Complete System Scan"
  • While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!
  • When the scan has completed, any threats that AVG A-S has detected will be displayed.
  • Click the Apply all actions button at the bottom.
  • When AVG A-S has finished, it will display the message "All actions have been applied".

    Saving a report:
  • Click the Save Report button at the bottom left and the "Reports" window will open.
  • The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder.
  • You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere:
    Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.
Close AVG A-S.

9) Boot into Normal Mode.

Post a new HJT log (run in Normal Mode), the AVG A-S log, the contents of the logfile C:\fixwareout\report.txt AND a description of how your PC is running.
I'd also like you to run GMER again and let me have another Autostarts log - just this one, NOT the big one!

Important: If you have any problems with running Fixwareout, fix the O17 lines with HJT and then try again. Make sure that you run HJT as per the instructions and ensure that they are gone once Fixwareout has completed it's job.


  • 0

#9
Chris H
Posted 19 January 2007 - 06:02 AM

Chris H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Ok the internet appears to be working fine; much faster and no redirections!

System itself seems a little sluggish; when closing down an "End Program" box appears with the program 'hpcmpmgr.exe'; have no idea what this is.

Please find attached the requested reports:


Logfile of HijackThis v1.99.1
Scan saved at 12:00:52, on 19/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: {0A617409-584A-4630-AF8B-4E0DC61FD01C} (blueyonder Game Launcher Control) - http://gaming.blueyo...ex/launcher.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {1F996EAE-3D97-4862-AA0E-27F257C089DE} (blueyonder Game Launcher Control) - http://www.bygames.c...ex/launcher.ocx
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {E522120B-0CF2-4C26-A8EA-50A7591F10F1} (blueyonder Game Launcher Control) - http://gaming.blueyo...ex/launcher.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




Fixwareout
Last edited 1/14/2006
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
C:\WINDOWS\system32\kdmmt.exe will be moved to C:\WINDOWS\temp\kdmmt.ren at reboot.
»»»»» System restarted
...
Reg Entries that were deleted
...
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»






---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 01:57:01 19/01/2007

+ Scan result:



C:\Program Files\DirectVideo -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\DirectVideo\Uninstall.exe -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DirectVideo -> Adware.Generic : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVideo -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Msnasoft\Cache\000026ca_4515de0b_00076417 -> Downloader.Agent.bx : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-558522827-3168066103-3802400216-1009\Dc10.ren -> Downloader.Zlob.aty : Cleaned with backup (quarantined).
C:\Program Files\Msnasoft\Cache\000073da_4515ddf3_000ec82e -> Not-A-Virus.Exploit.HTML.Agent.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Mum and Dad\Cookies\mum_and_dad@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end





GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-19 02:06:24
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
!SASWinLogon@DLLName = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Automatic LiveUpdate Scheduler /*Automatic LiveUpdate Scheduler*/@ = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ccProxy /*Symantec Network Proxy*/@ = "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
navapsvc /*Norton AntiVirus Auto-Protect Service*/@ = "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
Symantec Core LC /*Symantec Core LC*/@ = "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RecguardC:\WINDOWS\SMINST\RECGUARD.EXE = C:\WINDOWS\SMINST\RECGUARD.EXE
@S3TRAY2S3tray2.exe = S3tray2.exe
@IgfxTrayC:\WINDOWS\System32\igfxtray.exe = C:\WINDOWS\System32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\System32\hkcmd.exe = C:\WINDOWS\System32\hkcmd.exe
@PS2C:\WINDOWS\system32\ps2.exe = C:\WINDOWS\system32\ps2.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@POINTERpoint32.exe /*file not found*/ = point32.exe /*file not found*/
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@HP Component Manager"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
@HPDJ Taskbar UtilityC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
@HP Software Update"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
@ccApp"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@!AVG Anti-Spyware"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MSMSGS"C:\Program Files\Messenger\msmsgs.exe" /background = "C:\Program Files\Messenger\msmsgs.exe" /background
@Microsoft Works Update DetectionC:\Program Files\Microsoft Works\WkDetect.exe /*file not found*/ = C:\Program Files\Microsoft Works\WkDetect.exe /*file not found*/
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@SUPERAntiSpywareC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ >>>
SharedTaskScheduler@{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F} =

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}C:\Program Files\SUPERAntiSpyware\SASSEH.DLL = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealOne Player\rpshell.dll = C:\Program Files\Real\RealOne Player\rpshell.dll
@{eb9ebda0-b3e7-11cf-81c9-0000c0aa665f} /*FTP Explorer Shell Extension*/ftpxext.dll = ftpxext.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
@{9ECB9560-04F9-4bbc-943D-298DDF1699E1}C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
@{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar2.dll = c:\program files\google\googletoolbar2.dll

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.spop@Location = C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft...p...&ar=msnhome
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft....k/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome = http://www.microsoft...p...&ar=msnhome
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
cetihpz@CLSID = C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\Mum and Dad\Start Menu\Programs\Startup = reminder-ScanSoft Product Registration.lnk

---- EOF - GMER 1.0.12 ----

Edited by Chris H, 19 January 2007 - 10:36 AM.

  • 0

#10
Noviciate
Posted 19 January 2007 - 02:25 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts

when closing down an "End Program" box appears with the program 'hpcmpmgr.exe'; have no idea what this is.

If in doubt, Google - http://www.bleepingc...r.exe-1977.html
In order to stop the End Program box, do the following:

1) Press and hold CTRL and Alt and tap Delete. This will open Task Manager.
If it is not selected, click on the 'Processes' Tab.
Scroll down and locate the following (if you cannot find it, don't worry):

hpcmpmgr.exe

Click on it to highlight it, and then click on 'End Process'

2) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

This will remove the registry entry that starts the file on boot up, but it won't touch the file itself, so it will no longer run when the PC is turned on. If you want to restore the entry:

Run HJT and click on View the list of backups.
Highlight any you wish to restore and click on Restore.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

System itself seems a little sluggish

The following steps will serve as a spring clean for your PC. Not all of them will be of benefit to your PC as this is a general post, but the overall effect should be positive.

1) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

2) Download ATF Cleaner by Atribune from here and save it to your Desktop.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Java Cache
The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please Note: This program is for Windows XP and Windows 2000 only.

3) Double click My Computer.
Right click the disc drive you wish to check.
Click Properties.
In the Properties dialog box, click the Tools Tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C:)" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

This will look for and attempt to repair any errors that your hard drive has.

4) Go to Start > Run, enter sfc /scannow ( note the space between the "c" and "/" ) and click on OK.

This will look for and attempt to replace any corrupt system files that can be found. There are backups of some of these files on your PC and Windows will check for a copy here first. If you are prompted to insert your Windows XP disc, do so. If you don't have this disc and are asked for it, you will have to cancel at this point.

For details on the System File Checker, click here.

5) Defragment your hard drive. A tutorial for disc defragmentation is available here.

6) Download and run StartUp Inspector.
This program will help you to decide exactly what programs you disable from running at startup.
The Readme.txt file included has instructions on how to use it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you don't intend to use the AVG A-S Resident Guard, do the following:
  • Go to Start > Run, enter services.msc and hit OK.
  • Locate and right click AVG Anti-Spyware Guard
  • Select Properties from the menu.
  • Under the General Tab, change the Service status: to Stopped and then the Startup type: to Disabled.
You don't need to have this service running if you aren't using the guard.
Once the trial period has expired, you will need to do this unless you upgrade as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You are running an old version of Sun Java which needs updating:
  • Go here and click on the Download button to the right of Java Runtime Environment (JRE) 6.0.
  • Accept the license agreement by clicking the appropriate radio button and then continue.
  • Under Windows Platform - Java™ SE Runtime Environment 6, click the Windows Offline Installation, Multi-language link.
  • Go to Add/Remove Programs and remove any entries that refer to Java 2 Runtime Enviroment and then reboot your PC.
  • Navigate to and delete the following folder, if it exists: C:\Program Files\Java.
  • Finally double click the installation file that you downloaded earlier.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Update your anti-virus program,
Disable System Restore,
Boot into Safe Mode,
Scan your computer for viruses.
When you get the all clear, reboot into Normal Mode.
Re-enable System Restore,
Create a Restore Point.
This will give a clean Restore Point should you need it in the future.
A tutorial for System Restore is available here.

The reason for waiting is that if removing the malware has caused a problem, which it occasionally does, you can put your PC back to how it was before the fix. This will re-install the malware, but an infected PC is better than an expensive paperweight!

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet.
  • 0

#11
Chris H
Posted 29 January 2007 - 05:19 PM

Chris H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi Noviciate,

After implementing your instructions my system is running much better and faster. Have also scanned for any remaining spyware; all appears to be clean! :whistling:

Many thanks for your advice and time, is much appreciated. A donation is winging it's way to the site.

Once again thanks,

Chris
  • 0

#12
Noviciate
Posted 29 January 2007 - 05:27 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
I love a happy ending! :blink: I'll lock this thread as all is well - if you need it re-opening for any reason, PM a Mod.

A donation is winging it's way to the site.

Much appreciated - thanks. :whistling:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP