[RESOLVED] Trying to remove "Antimalware", can't enter Safe Mode

  1. #1
    Join Date
    Oct 2001
    Posts
    352

    My mother recently picked up a nasty piece of foistware ironically named "Antimalware". It's a lot like WinAntivirus in that it:

    - bombards the user with false virus warnings
    - constantly tries to install/reinstall itself
    - insists on being given a "reason" before it can be uninstalled
    - redirects any internet searches aimed at removing it or stopping its processes

    To make matters worse, whenever I try to restart in Safe Mode, I always get the Blue Screen of Death immediately after choosing which OS to use (there's only one in this case: XP Media Center Edition). Anyone seen this before?


    On a side note, I wish there were more tech-savvy people in Congress so we could see about banning foistware like this altogether. Such a hassle.

  2. #2
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    26,543
    Try doing the following scans... (do the superantispyware in regular mode for now)

    Print these instructions out.

    NOTE: If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner4.exe.

    1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under the "General and Startup" tab, make sure the "Start SUPERAntiSpyware when Windows starts" option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies can be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    3. Download gmer.zip: http://www.gmer.net/files.php
    Unzip the file, and double click on gmer.exe, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    4. Download, install, and run HijackThis:
    http://www.snapfiles.com/get/hijackthis.html
    Post HijackThis log.
    Do NOT attempt to "fix" anything yet with Hijackthis!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    Above layout courtesy of Broni

  3. #3
    Join Date
    Oct 2001
    Posts
    352
    Here are the logs. I managed to get SUPER Antispyware updated, but I keep getting an error message when I try to update with Malwarebytes. Also, shortly after trying to update it, I went back to try updating SUPER Antispyware and got a similar error message. I've added them both to Panda's (the firewall on this PC) list of excluded files, but that's not doing it. Nevertheless, I did a scan with it anyway using definitions from September of this year, with log to follow:


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/18/2009 at 12:19 PM

    Application Version : 4.30.1004

    Core Rules Database Version : 4288
    Trace Rules Database Version: 2161

    Scan type : Complete Scan
    Total Scan Time : 00:27:15

    Memory items scanned : 519
    Memory threats detected : 2
    Registry items scanned : 5553
    Registry threats detected : 2
    File items scanned : 34554
    File threats detected : 519

    Trojan.Agent/Gen
    C:\WINDOWS\SYSTEM32\CSRSS2.DLL
    C:\WINDOWS\SYSTEM32\CSRSS2.DLL
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\Csrss
    C:\DOCUMENTS AND SETTINGS\JANE BOWER\LOCAL SETTINGS\TEMP\A995.EXE
    C:\DOCUMENTS AND SETTINGS\JANE BOWER\LOCAL SETTINGS\TEMP\CSRSS2.DLL
    C:\DOCUMENTS AND SETTINGS\JANE BOWER\LOCAL SETTINGS\TEMP\INSTALLER.EXE

    Trojan.Agent/Gen-FakeAlert[CS]
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\CSRSS.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\CSRSS.EXE
    C:\DOCUMENTS AND SETTINGS\JANE BOWER\LOCAL SETTINGS\TEMP\0.5767820608113787.EXE
    C:\WINDOWS\Prefetch\CSRSS.EXE-345D9C3F.pf

    Adware.Tracking Cookie


    (continued in next post)

  4. #4
    Join Date
    Oct 2001
    Posts
    352
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@interclick[4].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@interclick[8].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][6].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@reztrack[2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][13].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][23].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][17].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@interclick[1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@interclick[5].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][3].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@interclick[9].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][7].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][3].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@accounts[1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@accounts[5].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@accounts[2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@accounts[6].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@findtoto[1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@accounts[3].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@accounts[7].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@findtoto[2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@accounts[4].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@indexstats[1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@roiservice[2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@collective-media[1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@collective-media[5].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@collective-media[9].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@insightbb[13].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@insightbb[17].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane_bower@invitemedia[1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@collective-media[2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@collective-media[6].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@insightbb[10].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@insightbb[14].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@collective-media[3].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@collective-media[7].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@insightbb[11].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@insightbb[15].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][4].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][3].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][5].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@roiservice[1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@collective-media[4].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@collective-media[8].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@insightbb[12].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@insightbb[16].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@partner2profit[2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane_bower@mediawebconnect[1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane_bower@pointroll[2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@partner2profit[3].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@partner2profit[7].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][2].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@partner2profit[4].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][3].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][3].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][8].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][7].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][6].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][9].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@partner2profit[1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@partner2profit[5].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@insightexpressai[10].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@eyewonder[1].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane bower@eyewonder[3].txt
    C:\Documents and Settings\Jane Bower\Cookies\jane [email protected][3].txt

    (continued in next post)

  5. #5
    Join Date
    Oct 2001
    Posts
    352

    Rogue.CoreGuardAntiVirus2009
    HKU\S-1-5-21-43960125-1719418442-3974907192-1006\Software\CoreGuard

    Trojan.Agent/Gen-RogueComponent
    C:\DOCUMENTS AND SETTINGS\JANE BOWER\LOCAL SETTINGS\TEMP\UACD26C.TMP
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP484\A0184858.DLL

    Malware.Installer-Pkg/Gen
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

  6. #6
    Join Date
    Oct 2001
    Posts
    352
    Malwarebytes' Anti-Malware 1.41
    Database version: 2775
    Windows 5.1.2600 Service Pack 3

    11/18/2009 3:10:16 PM
    mbam-log-2009-11-18 (15-10-16).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 184383
    Time elapsed: 25 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Csrss (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  7. #7
    Join Date
    Oct 2001
    Posts
    352
    This next one, the GMER log, is the longest I've ever seen, and it may require around 15 separate posts to get it all on the board. In case you're wondering, I can't remember the last time this PC was subjected to any kind of scanning, for viruses or anything else:


    GMER 1.0.15.15227 - http://www.gmer.net
    Rootkit scan 2009-11-18 16:38:24
    Windows 5.1.2600 Service Pack 3
    Running: 4mg2kcxk.exe; Driver: C:\DOCUME~1\JANEBO~1\LOCALS~1\Temp\pxtdypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xED1F30B0]
    SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Process Protection driver/Panda Software International) ZwTerminateThread [0xBA216E40]
    SSDT \??\C:\WINDOWS\system32\PavSRK.sys ZwWriteVirtualMemory [0xEBCDC4E8]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 3018 805048B4 4 Bytes CALL 693C167D
    ? C:\WINDOWS\system32\PavTPK.sys The system cannot find the file specified. !
    ? C:\WINDOWS\system32\PavSRK.sys The system cannot find the file specified. !
    ? system32\drivers\av5flt.sys The system cannot find the path specified. !

    ---- User code sections - GMER 1.0.15 ----


  8. #8
    Join Date
    Oct 2001
    Posts
    352
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [41, 5F] {INC ECX; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [47, 5F] {INC EDI; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [44, 5F] {INC ESP; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F3A0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FA90F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!CreateAcceleratorTableW 7E41D9BB 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!CreateAcceleratorTableW + 4 7E41D9BF 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5FA60F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5FA00F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F970F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!BeginDeferWindowPos 7E42AFB9 6 Bytes JMP 5F8E0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F8B0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] USER32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!OpenServiceW 77DE6FFD 6 Bytes JMP 5F220F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!StartServiceA 77DEFB58 6 Bytes JMP 5F250F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!StartServiceW 77DF3E94 6 Bytes JMP 5F280F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!ControlService 77DF4A09 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!OpenServiceA 77DF4C66 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!LsaAddAccountRights 77E1ABF1 6 Bytes JMP 5F2B0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!ChangeServiceConfigW 77E37001 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E3718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[244] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F160F5A

  9. #9
    Join Date
    Oct 2001
    Posts
    352

  10. #10
    Join Date
    Oct 2001
    Posts
    352

  11. #11
    Join Date
    Oct 2001
    Posts
    352

  12. #12
    Join Date
    Oct 2001
    Posts
    352

  13. #13
    Join Date
    Oct 2001
    Posts
    352

  14. #14
    Join Date
    Oct 2001
    Posts
    352

  15. #15
    Join Date
    Oct 2001
    Posts
    352
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [7D, 5F] {JGE 0x61}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ntdll.dll!LdrLoadDll + 4 7C9163C7 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3D0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [41, 5F] {INC ECX; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [47, 5F] {INC EDI; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [44, 5F] {INC ESP; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F3A0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FA90F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!CreateAcceleratorTableW 7E41D9BB 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!CreateAcceleratorTableW + 4 7E41D9BF 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5FA60F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5FA00F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F970F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!BeginDeferWindowPos 7E42AFB9 6 Bytes JMP 5F8E0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F8B0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] USER32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!OpenServiceW 77DE6FFD 6 Bytes JMP 5F220F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!StartServiceA 77DEFB58 6 Bytes JMP 5F250F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!StartServiceW 77DF3E94 6 Bytes JMP 5F280F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!ControlService 77DF4A09 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!OpenServiceA 77DF4C66 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!LsaAddAccountRights 77E1ABF1 6 Bytes JMP 5F2B0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 77E37001 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E3718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ADVAPI32.dll!DeleteService 77E374B1 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F880F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 5F850F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ole32.dll!CLSIDFromProgID 775187F2 6 Bytes JMP 5F820F5A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[2216] ole32.dll!CLSIDFromProgIDEx 7755620D 6 Bytes JMP 5F7F0F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [71, 5F] {JNO 0x61}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [59, 5F] {POP ECX; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [5C, 5F] {POP ESP; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [74, 5F] {JZ 0x61}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [62, 5F]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [65, 5F]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [77, 5F] {JA 0x61}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [7A, 5F] {JP 0x61}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [68, 5F]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [6B, 5F]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [7D, 5F] {JGE 0x61}
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!LdrLoadDll + 4 7C9163C7 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
    .text C:\WINDOWS\Explorer.EXE[2372] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A
