Okay, so I can't seem to find out exactly what language on Windows I have, but it was purchased in Canada (English version currently). The only other option is that it MAY be the bilingual; as far as I know, this conime.exe thing is an Asian language pack that's utterly annoying me.
EDIT: After completing a restart after I posted this topic, EVERY TIME I OPEN WINDOWS EXPLORER to access a folder etc., it's trying to close COM surrogate. WTF has happened?! I followed your instructions exactly.
2nd Edit: Another restart seemed to solve that issue.
I was able to accomplish everything you asked of me.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-21 18:52:55
Windows 6.0.6002 Service Pack 2
Running: exwp80st.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kxldypow.sys
.text C:\Windows\system32\SearchProtocolHost.exe[3076] kernel32.dll!TerminateThread 771C41F7 5 Bytes JMP 0015400C
.text C:\Windows\system32\SearchProtocolHost.exe[3076] ADVAPI32.dll!CloseServiceHandle 772882A5 5 Bytes JMP 0015800C
.text C:\Windows\system32\SearchProtocolHost.exe[3076] ADVAPI32.dll!OpenServiceW 77288354 5 Bytes JMP 0015600C
.text C:\Windows\system32\SearchProtocolHost.exe[3076] ADVAPI32.dll!CreateServiceW 772A9EB4 5 Bytes JMP 0015900C
.text C:\Windows\system32\SearchProtocolHost.exe[3076] ADVAPI32.dll!ControlService 772A9FB8 5 Bytes JMP 0015700C
.text C:\Windows\system32\SearchProtocolHost.exe[3076] USER32.dll!SetWindowsHookExW 76C787AD 5 Bytes JMP 0015500C
.text C:\Windows\system32\SearchProtocolHost.exe[3076] USER32.dll!DdeConnect 76CB9A1F 5 Bytes JMP 0015B00C
.text C:\Windows\system32\SearchProtocolHost.exe[3076] ole32.dll!CoCreateInstanceEx 75D49EE9 5 Bytes JMP 0015A00C
.text C:\Windows\system32\wbem\wmiprvse.exe[3496] ntdll.dll!NtCreateProcess 77394494 5 Bytes JMP 012C000C
.text C:\Windows\system32\wbem\wmiprvse.exe[3496] ntdll.dll!NtCreateProcessEx 773944A4 5 Bytes JMP 012C100C
.text C:\Windows\system32\wbem\wmiprvse.exe[3496] ntdll.dll!NtCreateUserProcess 77395804 5 Bytes JMP 012C200C
.text C:\Windows\system32\wbem\wmiprvse.exe[3496] kernel32.dll!LoadLibraryExW 771A9109 5 Bytes JMP 012C300C
.text C:\Windows\system32\wbem\wmiprvse.exe[3496] kernel32.dll!TerminateThread 771C41F7 5 Bytes JMP 012C400C
.text C:\Windows\system32\wbem\wmiprvse.exe[3496] ADVAPI32.dll!CloseServiceHandle 772882A5 5 Bytes JMP 012C800C
.text C:\Windows\system32\wbem\wmiprvse.exe[3496] ADVAPI32.dll!OpenServiceW 77288354 5 Bytes JMP 012C600C
.text C:\Windows\system32\wbem\wmiprvse.exe[3496] ADVAPI32.dll!CreateServiceW 772A9EB4 5 Bytes JMP 012C900C
.text C:\Windows\system32\wbem\wmiprvse.exe[3496] ADVAPI32.dll!ControlService 772A9FB8 5 Bytes JMP 012C700C
.text C:\Windows\system32\wbem\wmiprvse.exe[3496] USER32.dll!SetWindowsHookExW 76C787AD 5 Bytes JMP 012C500C
.text C:\Windows\system32\wbem\wmiprvse.exe[3496] USER32.dll!DdeConnect 76CB9A1F 5 Bytes JMP 012CB00C
.text C:\Windows\system32\wbem\wmiprvse.exe[3496] ole32.dll!CoCreateInstanceEx 75D49EE9 5 Bytes JMP 012CA00C
.text C:\Program Files\iPod\bin\iPodService.exe[3580] ntdll.dll!NtCreateProcess 77394494 5 Bytes JMP 0019000C
.text C:\Program Files\iPod\bin\iPodService.exe[3580] ntdll.dll!NtCreateProcessEx 773944A4 5 Bytes JMP 0019100C
.text C:\Program Files\iPod\bin\iPodService.exe[3580] ntdll.dll!NtCreateUserProcess 77395804 5 Bytes JMP 0019200C
.text C:\Program Files\iPod\bin\iPodService.exe[3580] kernel32.dll!LoadLibraryExW 771A9109 5 Bytes JMP 0019300C
.text C:\Program Files\iPod\bin\iPodService.exe[3580] kernel32.dll!TerminateThread 771C41F7 5 Bytes JMP 0019400C
.text C:\Program Files\iPod\bin\iPodService.exe[3580] ADVAPI32.dll!CloseServiceHandle 772882A5 5 Bytes JMP 0019800C
.text C:\Program Files\iPod\bin\iPodService.exe[3580] ADVAPI32.dll!OpenServiceW 77288354 5 Bytes JMP 0019600C
.text C:\Program Files\iPod\bin\iPodService.exe[3580] ADVAPI32.dll!CreateServiceW 772A9EB4 5 Bytes JMP 0019900C
.text C:\Program Files\iPod\bin\iPodService.exe[3580] ADVAPI32.dll!ControlService 772A9FB8 5 Bytes JMP 0019700C
.text C:\Program Files\iPod\bin\iPodService.exe[3580] USER32.dll!SetWindowsHookExW 76C787AD 5 Bytes JMP 0019500C
.text C:\Program Files\iPod\bin\iPodService.exe[3580] USER32.dll!DdeConnect 76CB9A1F 5 Bytes JMP 0019B00C
.text C:\Program Files\iPod\bin\iPodService.exe[3580] ole32.dll!CoCreateInstanceEx 75D49EE9 5 Bytes JMP 0019A00C
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
---- EOF - GMER 1.0.15 ----