GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-10 11:07:37 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541060G9AT00 rev.MB3OA60A Running: gyhq2rgz.exe; Driver: D:\DOCUME~1\l\USTAWI~1\Temp\kwldqfoc.sys ---- User code sections - GMER 1.0.15 ---- .text D:\WINDOWS\Explorer.EXE[444] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 02A46390 .text D:\WINDOWS\Explorer.EXE[444] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 02A46640 .text D:\WINDOWS\Explorer.EXE[444] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 02A453D0 .text D:\WINDOWS\Explorer.EXE[444] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 02A45300 .text D:\WINDOWS\Explorer.EXE[444] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02A411C0 .text D:\WINDOWS\Explorer.EXE[444] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 02A41290 .text D:\WINDOWS\Explorer.EXE[444] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 02A42510 .text D:\WINDOWS\Explorer.EXE[444] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 02A410A0 .text D:\WINDOWS\Explorer.EXE[444] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 02A41000 .text D:\WINDOWS\Explorer.EXE[444] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 02A42570 .text D:\WINDOWS\Explorer.EXE[444] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 02A420A0 .text D:\WINDOWS\Explorer.EXE[444] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 02A423A0 .text D:\WINDOWS\Explorer.EXE[444] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 02A42160 .text D:\WINDOWS\Explorer.EXE[444] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02A41D10 .text D:\WINDOWS\Explorer.EXE[444] WS2_32.dll!send 71A5428A 5 Bytes JMP 02A47250 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 014E6390 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 014E6640 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 014E53D0 .text 
D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 014E5300 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 014E11C0 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 014E1290 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 014E2510 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 014E10A0 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 014E1000 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 014E2570 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 014E1D10 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] WS2_32.dll!send 71A5428A 5 Bytes JMP 014E7250 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 014E20A0 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 014E23A0 .text D:\WINDOWS\system32\inetsrv\inetinfo.exe[640] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 014E2160 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00156390 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156640 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001553D0 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00155300 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001511C0 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 
00151290 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00152510 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001510A0 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00151000 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00152570 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00151D10 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] WS2_32.dll!send 71A5428A 5 Bytes JMP 00157250 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 001520A0 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 001523A0 .text D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[688] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00152160 .text D:\WINDOWS\system32\csrss.exe[832] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01556390 .text D:\WINDOWS\system32\csrss.exe[832] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01556640 .text D:\WINDOWS\system32\csrss.exe[832] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 015553D0 .text D:\WINDOWS\system32\csrss.exe[832] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01555300 .text D:\WINDOWS\system32\csrss.exe[832] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 015511C0 .text D:\WINDOWS\system32\csrss.exe[832] KERNEL32.dll!CreateFileW 7C810976 5 Bytes JMP 01551290 .text D:\WINDOWS\system32\csrss.exe[832] KERNEL32.dll!MoveFileA 7C822294 5 Bytes JMP 01552510 .text D:\WINDOWS\system32\csrss.exe[832] KERNEL32.dll!CopyFileW 7C825779 5 Bytes JMP 015510A0 .text D:\WINDOWS\system32\csrss.exe[832] KERNEL32.dll!CopyFileA 7C830053 5 Bytes JMP 01551000 .text 
D:\WINDOWS\system32\csrss.exe[832] KERNEL32.dll!MoveFileW 7C839659 5 Bytes JMP 01552570 .text D:\WINDOWS\system32\csrss.exe[832] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01551D10 .text D:\WINDOWS\system32\csrss.exe[832] WS2_32.dll!send 71A5428A 5 Bytes JMP 01557250 .text D:\WINDOWS\system32\csrss.exe[832] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 015520A0 .text D:\WINDOWS\system32\csrss.exe[832] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 015523A0 .text D:\WINDOWS\system32\csrss.exe[832] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01552160 .text D:\WINDOWS\system32\winlogon.exe[856] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01AB6390 .text D:\WINDOWS\system32\winlogon.exe[856] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01AB6640 .text D:\WINDOWS\system32\winlogon.exe[856] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 01AB53D0 .text D:\WINDOWS\system32\winlogon.exe[856] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01AB5300 .text D:\WINDOWS\system32\winlogon.exe[856] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01AB11C0 .text D:\WINDOWS\system32\winlogon.exe[856] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01AB1290 .text D:\WINDOWS\system32\winlogon.exe[856] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01AB2510 .text D:\WINDOWS\system32\winlogon.exe[856] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 01AB10A0 .text D:\WINDOWS\system32\winlogon.exe[856] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01AB1000 .text D:\WINDOWS\system32\winlogon.exe[856] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01AB2570 .text D:\WINDOWS\system32\winlogon.exe[856] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01AB1D10 .text D:\WINDOWS\system32\winlogon.exe[856] WS2_32.dll!send 71A5428A 5 Bytes JMP 01AB7250 .text D:\WINDOWS\system32\winlogon.exe[856] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 01AB20A0 .text D:\WINDOWS\system32\winlogon.exe[856] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 01AB23A0 .text D:\WINDOWS\system32\winlogon.exe[856] 
WININET.dll!HttpSendRequestW 77201808 3 Bytes JMP 01AB2160 .text D:\WINDOWS\system32\winlogon.exe[856] WININET.dll!HttpSendRequestW + 4 7720180C 1 Byte [8A] .text D:\WINDOWS\system32\services.exe[900] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 013A6390 .text D:\WINDOWS\system32\services.exe[900] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 013A6640 .text D:\WINDOWS\system32\services.exe[900] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 013A53D0 .text D:\WINDOWS\system32\services.exe[900] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 013A5300 .text D:\WINDOWS\system32\services.exe[900] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 013A11C0 .text D:\WINDOWS\system32\services.exe[900] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 013A1290 .text D:\WINDOWS\system32\services.exe[900] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 013A2510 .text D:\WINDOWS\system32\services.exe[900] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 013A10A0 .text D:\WINDOWS\system32\services.exe[900] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 013A1000 .text D:\WINDOWS\system32\services.exe[900] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 013A2570 .text D:\WINDOWS\system32\services.exe[900] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 013A1D10 .text D:\WINDOWS\system32\services.exe[900] WS2_32.dll!send 71A5428A 5 Bytes JMP 013A7250 .text D:\WINDOWS\system32\services.exe[900] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 013A20A0 .text D:\WINDOWS\system32\services.exe[900] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 013A23A0 .text D:\WINDOWS\system32\services.exe[900] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 013A2160 .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E06390 .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E06640 .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00E053D0 .text D:\WINDOWS\system32\svchost.exe[1060] 
ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00E05300 .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E011C0 .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00E01290 .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00E02510 .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00E010A0 .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00E01000 .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00E02570 .text D:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E01D10 .text D:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!send 71A5428A 5 Bytes JMP 00E07250 .text D:\WINDOWS\system32\svchost.exe[1060] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00E020A0 .text D:\WINDOWS\system32\svchost.exe[1060] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00E023A0 .text D:\WINDOWS\system32\svchost.exe[1060] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00E02160 .text D:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00BC6390 .text D:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00BC6640 .text D:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00BC53D0 .text D:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00BC5300 .text D:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BC11C0 .text D:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00BC1290 .text D:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00BC2510 .text D:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00BC10A0 .text D:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CopyFileA 
7C830053 5 Bytes JMP 00BC1000 .text D:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00BC2570 .text D:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BC1D10 .text D:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!send 71A5428A 5 Bytes JMP 00BC7250 .text D:\WINDOWS\system32\svchost.exe[1140] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00BC20A0 .text D:\WINDOWS\system32\svchost.exe[1140] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00BC23A0 .text D:\WINDOWS\system32\svchost.exe[1140] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00BC2160 .text D:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 036C6390 .text D:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 036C6640 .text D:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 036C53D0 .text D:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 036C5300 .text D:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 036C11C0 .text D:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 036C1290 .text D:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 036C2510 .text D:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 036C10A0 .text D:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 036C1000 .text D:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 036C2570 .text D:\WINDOWS\System32\svchost.exe[1180] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 036C1D10 .text D:\WINDOWS\System32\svchost.exe[1180] WS2_32.dll!send 71A5428A 5 Bytes JMP 036C7250 .text D:\WINDOWS\System32\svchost.exe[1180] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 036C20A0 .text D:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 
036C23A0 .text D:\WINDOWS\System32\svchost.exe[1180] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 036C2160 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01396390 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01396640 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 013953D0 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01395300 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 013911C0 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01391290 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01392510 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 013910A0 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01391000 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01392570 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01391D10 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] WS2_32.dll!send 71A5428A 5 Bytes JMP 01397250 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 013920A0 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 013923A0 .text D:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1216] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01392160 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00166390 .text D:\Documents and 
Settings\l\Pulpit\gyhq2rgz.exe[1224] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00166640 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001653D0 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00165300 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00161290 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00162510 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001610A0 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00161000 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00162570 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] WS2_32.dll!send 71A5428A 5 Bytes JMP 00167250 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 001620A0 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 001623A0 .text D:\Documents and Settings\l\Pulpit\gyhq2rgz.exe[1224] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00162160 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00976390 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00976640 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 009753D0 .text D:\Program Files\HP\HP Software 
Update\HPWuSchd2.exe[1280] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00975300 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009711C0 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00971290 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00972510 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 009710A0 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00971000 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00972570 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00971D10 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] WS2_32.dll!send 71A5428A 5 Bytes JMP 00977250 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 009720A0 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 009723A0 .text D:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1280] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00972160 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 011C6390 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011C6640 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 011C53D0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 011C5300 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011C11C0 .text D:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[1284] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 011C1290 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 011C2510 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 011C10A0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 011C1000 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 011C2570 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011C1D10 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] WS2_32.dll!send 71A5428A 5 Bytes JMP 011C7250 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 011C20A0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 011C23A0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1284] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 011C2160 .text D:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00796390 .text D:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00796640 .text D:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 007953D0 .text D:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00795300 .text D:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007911C0 .text D:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00791290 .text D:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00792510 .text D:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 007910A0 .text D:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00791000 
.text D:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00792570 .text D:\WINDOWS\system32\svchost.exe[1360] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00791D10 .text D:\WINDOWS\system32\svchost.exe[1360] WS2_32.dll!send 71A5428A 5 Bytes JMP 00797250 .text D:\WINDOWS\system32\svchost.exe[1360] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 007920A0 .text D:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 007923A0 .text D:\WINDOWS\system32\svchost.exe[1360] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00792160 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01A76390 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01A76640 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 01A753D0 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01A75300 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01A711C0 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01A71290 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01A72510 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 01A710A0 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01A71000 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01A72570 .text 
D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01A71D10 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] WS2_32.dll!send 71A5428A 5 Bytes JMP 01A77250 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] WININET.dll!HttpSendRequestA 771B76B8 3 Bytes JMP 01A720A0 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] WININET.dll!HttpSendRequestA + 4 771B76BC 1 Byte [8A] .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 01A723A0 .text D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[1380] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01A72160 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 028E6390 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 028E6640 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 028E53D0 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 028E5300 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 028E11C0 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 028E1290 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 028E2510 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 028E10A0 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 028E1000 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 028E2570 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] 
WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 028E20A0 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 028E23A0 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 028E2160 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 028E1D10 .text D:\Program Files\Acer\OrbiCam\OrbiCam.exe[1400] WS2_32.dll!send 71A5428A 5 Bytes JMP 028E7250 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 09356390 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 09356640 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 093553D0 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 09355300 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 093511C0 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 09351290 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 09352510 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 093510A0 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 09351000 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 09352570 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 09351D10 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] WS2_32.dll!send 71A5428A 5 Bytes JMP 09357250 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 093520A0 .text D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 093523A0 .text 
D:\DOCUME~1\l\USTAWI~1\Temp\d6ti0.exe[1440] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 09352160 .text D:\WINDOWS\RTHDCPL.EXE[1448] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 04656390 .text D:\WINDOWS\RTHDCPL.EXE[1448] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 04656640 .text D:\WINDOWS\RTHDCPL.EXE[1448] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 046553D0 .text D:\WINDOWS\RTHDCPL.EXE[1448] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 04655300 .text D:\WINDOWS\RTHDCPL.EXE[1448] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 046511C0 .text D:\WINDOWS\RTHDCPL.EXE[1448] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 04651290 .text D:\WINDOWS\RTHDCPL.EXE[1448] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 04652510 .text D:\WINDOWS\RTHDCPL.EXE[1448] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 046510A0 .text D:\WINDOWS\RTHDCPL.EXE[1448] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 04651000 .text D:\WINDOWS\RTHDCPL.EXE[1448] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 04652570 .text D:\WINDOWS\RTHDCPL.EXE[1448] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 04651D10 .text D:\WINDOWS\RTHDCPL.EXE[1448] WS2_32.dll!send 71A5428A 5 Bytes JMP 04657250 .text D:\WINDOWS\RTHDCPL.EXE[1448] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 046520A0 .text D:\WINDOWS\RTHDCPL.EXE[1448] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 046523A0 .text D:\WINDOWS\RTHDCPL.EXE[1448] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 04652160 .text D:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009D6390 .text D:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009D6640 .text D:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 009D53D0 .text D:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009D5300 .text D:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009D11C0 .text 
D:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 009D1290 .text D:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 009D2510 .text D:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 009D10A0 .text D:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 009D1000 .text D:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 009D2570 .text D:\WINDOWS\system32\svchost.exe[1456] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009D1D10 .text D:\WINDOWS\system32\svchost.exe[1456] WS2_32.dll!send 71A5428A 5 Bytes JMP 009D7250 .text D:\WINDOWS\system32\svchost.exe[1456] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 009D20A0 .text D:\WINDOWS\system32\svchost.exe[1456] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 009D23A0 .text D:\WINDOWS\system32\svchost.exe[1456] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 009D2160 .text D:\WINDOWS\system32\igfxtray.exe[1508] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00ED6390 .text D:\WINDOWS\system32\igfxtray.exe[1508] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00ED6640 .text D:\WINDOWS\system32\igfxtray.exe[1508] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00ED53D0 .text D:\WINDOWS\system32\igfxtray.exe[1508] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00ED5300 .text D:\WINDOWS\system32\igfxtray.exe[1508] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00ED11C0 .text D:\WINDOWS\system32\igfxtray.exe[1508] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00ED1290 .text D:\WINDOWS\system32\igfxtray.exe[1508] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00ED2510 .text D:\WINDOWS\system32\igfxtray.exe[1508] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00ED10A0 .text D:\WINDOWS\system32\igfxtray.exe[1508] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00ED1000 .text D:\WINDOWS\system32\igfxtray.exe[1508] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00ED2570 .text 
D:\WINDOWS\system32\igfxtray.exe[1508] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00ED1D10 .text D:\WINDOWS\system32\igfxtray.exe[1508] WS2_32.dll!send 71A5428A 5 Bytes JMP 00ED7250 .text D:\WINDOWS\system32\igfxtray.exe[1508] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00ED20A0 .text D:\WINDOWS\system32\igfxtray.exe[1508] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00ED23A0 .text D:\WINDOWS\system32\igfxtray.exe[1508] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00ED2160 .text D:\WINDOWS\system32\hkcmd.exe[1520] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D36390 .text D:\WINDOWS\system32\hkcmd.exe[1520] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D36640 .text D:\WINDOWS\system32\hkcmd.exe[1520] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00D353D0 .text D:\WINDOWS\system32\hkcmd.exe[1520] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00D35300 .text D:\WINDOWS\system32\hkcmd.exe[1520] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D311C0 .text D:\WINDOWS\system32\hkcmd.exe[1520] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00D31290 .text D:\WINDOWS\system32\hkcmd.exe[1520] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00D32510 .text D:\WINDOWS\system32\hkcmd.exe[1520] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00D310A0 .text D:\WINDOWS\system32\hkcmd.exe[1520] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00D31000 .text D:\WINDOWS\system32\hkcmd.exe[1520] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00D32570 .text D:\WINDOWS\system32\hkcmd.exe[1520] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D31D10 .text D:\WINDOWS\system32\hkcmd.exe[1520] WS2_32.dll!send 71A5428A 5 Bytes JMP 00D37250 .text D:\WINDOWS\system32\hkcmd.exe[1520] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00D320A0 .text D:\WINDOWS\system32\hkcmd.exe[1520] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00D323A0 .text D:\WINDOWS\system32\hkcmd.exe[1520] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00D32160 .text D:\WINDOWS\system32\igfxpers.exe[1536] 
ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E66390 .text D:\WINDOWS\system32\igfxpers.exe[1536] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E66640 .text D:\WINDOWS\system32\igfxpers.exe[1536] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00E653D0 .text D:\WINDOWS\system32\igfxpers.exe[1536] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00E65300 .text D:\WINDOWS\system32\igfxpers.exe[1536] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E611C0 .text D:\WINDOWS\system32\igfxpers.exe[1536] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00E61290 .text D:\WINDOWS\system32\igfxpers.exe[1536] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00E62510 .text D:\WINDOWS\system32\igfxpers.exe[1536] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00E610A0 .text D:\WINDOWS\system32\igfxpers.exe[1536] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00E61000 .text D:\WINDOWS\system32\igfxpers.exe[1536] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00E62570 .text D:\WINDOWS\system32\igfxpers.exe[1536] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E61D10 .text D:\WINDOWS\system32\igfxpers.exe[1536] WS2_32.dll!send 71A5428A 5 Bytes JMP 00E67250 .text D:\WINDOWS\system32\igfxpers.exe[1536] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00E620A0 .text D:\WINDOWS\system32\igfxpers.exe[1536] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00E623A0 .text D:\WINDOWS\system32\igfxpers.exe[1536] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00E62160 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00F26390 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00F26640 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00F253D0 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00F25300 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F211C0 .text 
D:\WINDOWS\system32\igfxsrvc.exe[1584] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00F21290 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00F22510 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00F210A0 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00F21000 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00F22570 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F21D10 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] WS2_32.dll!send 71A5428A 5 Bytes JMP 00F27250 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00F220A0 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00F223A0 .text D:\WINDOWS\system32\igfxsrvc.exe[1584] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00F22160 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01646390 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01646640 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 016453D0 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01645300 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 016411C0 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01641290 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01642510 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 016410A0 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01641000 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01642570 
.text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01641D10 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] WS2_32.dll!send 71A5428A 5 Bytes JMP 01647250 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 016420A0 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 016423A0 .text D:\PROGRA~1\LAUNCH~1\LManager.exe[1592] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01642160 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009F6390 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009F6640 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 009F53D0 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009F5300 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009F11C0 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 009F1290 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 009F2510 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 009F10A0 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 009F1000 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 009F2570 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009F1D10 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] WS2_32.dll!send 71A5428A 5 Bytes JMP 009F7250 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 009F20A0 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 009F23A0 .text D:\WINDOWS\System32\WLTRYSVC.EXE[1612] WININET.dll!HttpSendRequestW 77201808 5 Bytes 
JMP 009F2160 .text D:\WINDOWS\System32\bcmwltry.exe[1624] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 013B6390 .text D:\WINDOWS\System32\bcmwltry.exe[1624] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 013B6640 .text D:\WINDOWS\System32\bcmwltry.exe[1624] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 013B53D0 .text D:\WINDOWS\System32\bcmwltry.exe[1624] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 013B5300 .text D:\WINDOWS\System32\bcmwltry.exe[1624] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 013B11C0 .text D:\WINDOWS\System32\bcmwltry.exe[1624] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 013B1290 .text D:\WINDOWS\System32\bcmwltry.exe[1624] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 013B2510 .text D:\WINDOWS\System32\bcmwltry.exe[1624] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 013B10A0 .text D:\WINDOWS\System32\bcmwltry.exe[1624] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 013B1000 .text D:\WINDOWS\System32\bcmwltry.exe[1624] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 013B2570 .text D:\WINDOWS\System32\bcmwltry.exe[1624] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 013B20A0 .text D:\WINDOWS\System32\bcmwltry.exe[1624] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 013B23A0 .text D:\WINDOWS\System32\bcmwltry.exe[1624] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 013B2160 .text D:\WINDOWS\System32\bcmwltry.exe[1624] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 013B1D10 .text D:\WINDOWS\System32\bcmwltry.exe[1624] WS2_32.dll!send 71A5428A 5 Bytes JMP 013B7250 .text D:\WINDOWS\system32\spoolsv.exe[1696] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A46390 .text D:\WINDOWS\system32\spoolsv.exe[1696] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A46640 .text D:\WINDOWS\system32\spoolsv.exe[1696] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00A453D0 .text D:\WINDOWS\system32\spoolsv.exe[1696] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A45300 .text D:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!CreateFileA 7C801A24 5 
Bytes JMP 00A411C0 .text D:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A41290 .text D:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00A42510 .text D:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00A410A0 .text D:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00A41000 .text D:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00A42570 .text D:\WINDOWS\system32\spoolsv.exe[1696] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A41D10 .text D:\WINDOWS\system32\spoolsv.exe[1696] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A47250 .text D:\WINDOWS\system32\spoolsv.exe[1696] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00A420A0 .text D:\WINDOWS\system32\spoolsv.exe[1696] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00A423A0 .text D:\WINDOWS\system32\spoolsv.exe[1696] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00A42160 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01146390 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01146640 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 011453D0 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01145300 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011411C0 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01141290 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01142510 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 011410A0 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] 
kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01141000 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01142570 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01141D10 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] WS2_32.dll!send 71A5428A 5 Bytes JMP 01147250 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 011420A0 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 011423A0 .text D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1788] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01142160 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes JMP 06916390 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 1 Byte [8A] .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 3 Bytes JMP 06916640 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] ntdll.dll!NtQueryDirectoryFile + 4 7C90DF62 1 Byte [8A] .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes JMP 069153D0 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] ntdll.dll!NtResumeThread + 4 7C90E463 1 Byte [8A] .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 06915300 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 069111C0 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 06911290 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 06912510 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] kernel32.dll!CopyFileW 7C825779 5 
Bytes JMP 069110A0 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 06911000 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 06912570 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 06911D10 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] WS2_32.dll!send 71A5428A 5 Bytes JMP 06917250 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 069120A0 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 069123A0 .text D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1796] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 06912160 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 014B6390 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 014B6640 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 014B53D0 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 014B5300 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 014B11C0 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 014B1290 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 014B2510 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 014B10A0 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 014B1000 .text D:\Program Files\Common 
Files\Logitech\LComMgr\LVComSX.exe[1844] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 014B2570 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 014B1D10 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] WS2_32.dll!send 71A5428A 5 Bytes JMP 014B7250 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 014B20A0 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 014B23A0 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1844] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 014B2160 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01096390 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01096640 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 010953D0 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01095300 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 010911C0 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01091290 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01092510 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 010910A0 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01091000 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01092570 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01091D10 .text D:\Program 
Files\Intel\Wireless\Bin\EOUWiz.exe[1856] WS2_32.dll!send 71A5428A 5 Bytes JMP 01097250 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 010920A0 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 010923A0 .text D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1856] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01092160 .text D:\WINDOWS\system32\WLTRAY.exe[1900] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00F76390 .text D:\WINDOWS\system32\WLTRAY.exe[1900] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00F76640 .text D:\WINDOWS\system32\WLTRAY.exe[1900] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00F753D0 .text D:\WINDOWS\system32\WLTRAY.exe[1900] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00F75300 .text D:\WINDOWS\system32\WLTRAY.exe[1900] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F711C0 .text D:\WINDOWS\system32\WLTRAY.exe[1900] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00F71290 .text D:\WINDOWS\system32\WLTRAY.exe[1900] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00F72510 .text D:\WINDOWS\system32\WLTRAY.exe[1900] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00F710A0 .text D:\WINDOWS\system32\WLTRAY.exe[1900] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00F71000 .text D:\WINDOWS\system32\WLTRAY.exe[1900] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00F72570 .text D:\WINDOWS\system32\WLTRAY.exe[1900] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F71D10 .text D:\WINDOWS\system32\WLTRAY.exe[1900] WS2_32.dll!send 71A5428A 5 Bytes JMP 00F77250 .text D:\WINDOWS\system32\WLTRAY.exe[1900] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00F720A0 .text D:\WINDOWS\system32\WLTRAY.exe[1900] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00F723A0 .text D:\WINDOWS\system32\WLTRAY.exe[1900] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00F72160 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] 
ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01286390 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01286640 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 012853D0 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01285300 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 012811C0 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01281290 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01282510 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 012810A0 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01281000 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01282570 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01281D10 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] WS2_32.dll!send 71A5428A 5 Bytes JMP 01287250 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 012820A0 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 012823A0 .text D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[1904] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01282160 .text D:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00C66390 .text D:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!NtQueryDirectoryFile 
7C90DF5E 5 Bytes JMP 00C66640 .text D:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00C653D0 .text D:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00C65300 .text D:\WINDOWS\system32\ctfmon.exe[1916] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C611C0 .text D:\WINDOWS\system32\ctfmon.exe[1916] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00C61290 .text D:\WINDOWS\system32\ctfmon.exe[1916] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00C62510 .text D:\WINDOWS\system32\ctfmon.exe[1916] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00C610A0 .text D:\WINDOWS\system32\ctfmon.exe[1916] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00C61000 .text D:\WINDOWS\system32\ctfmon.exe[1916] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00C62570 .text D:\WINDOWS\system32\ctfmon.exe[1916] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C61D10 .text D:\WINDOWS\system32\ctfmon.exe[1916] WS2_32.dll!send 71A5428A 5 Bytes JMP 00C67250 .text D:\WINDOWS\system32\ctfmon.exe[1916] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00C620A0 .text D:\WINDOWS\system32\ctfmon.exe[1916] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00C623A0 .text D:\WINDOWS\system32\ctfmon.exe[1916] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00C62160 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 012F6390 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 012F6640 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 012F53D0 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 012F5300 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 012F11C0 
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 012F1290 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 012F2510 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 012F10A0 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 012F1000 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 012F2570 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 012F1D10 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] WS2_32.dll!send 71A5428A 5 Bytes JMP 012F7250 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 012F20A0 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 012F23A0 .text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 012F2160 .text D:\Program Files\Messenger\msmsgs.exe[1972] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00F26390 .text D:\Program Files\Messenger\msmsgs.exe[1972] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00F26640 .text D:\Program Files\Messenger\msmsgs.exe[1972] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00F253D0 .text D:\Program Files\Messenger\msmsgs.exe[1972] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00F25300 .text D:\Program Files\Messenger\msmsgs.exe[1972] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F211C0 .text D:\Program Files\Messenger\msmsgs.exe[1972] kernel32.dll!CreateFileW 
7C810976 5 Bytes JMP 00F21290 .text D:\Program Files\Messenger\msmsgs.exe[1972] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00F22510 .text D:\Program Files\Messenger\msmsgs.exe[1972] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00F210A0 .text D:\Program Files\Messenger\msmsgs.exe[1972] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00F21000 .text D:\Program Files\Messenger\msmsgs.exe[1972] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00F22570 .text D:\Program Files\Messenger\msmsgs.exe[1972] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F21D10 .text D:\Program Files\Messenger\msmsgs.exe[1972] WS2_32.dll!send 71A5428A 5 Bytes JMP 00F27250 .text D:\Program Files\Messenger\msmsgs.exe[1972] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00F220A0 .text D:\Program Files\Messenger\msmsgs.exe[1972] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00F223A0 .text D:\Program Files\Messenger\msmsgs.exe[1972] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00F22160 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009D6390 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009D6640 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 009D53D0 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009D5300 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009D11C0 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 009D1290 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 009D2510 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 009D10A0 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 
009D1000 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 009D2570 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009D1D10 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] WS2_32.dll!send 71A5428A 5 Bytes JMP 009D7250 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 009D20A0 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 009D23A0 .text D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2220] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 009D2160 .text D:\WINDOWS\system32\svchost.exe[2284] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 008E6390 .text D:\WINDOWS\system32\svchost.exe[2284] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008E6640 .text D:\WINDOWS\system32\svchost.exe[2284] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 008E53D0 .text D:\WINDOWS\system32\svchost.exe[2284] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 008E5300 .text D:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E11C0 .text D:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 008E1290 .text D:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 008E2510 .text D:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 008E10A0 .text D:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 008E1000 .text D:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 008E2570 .text D:\WINDOWS\system32\svchost.exe[2284] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 008E1D10 .text D:\WINDOWS\system32\svchost.exe[2284] WS2_32.dll!send 71A5428A 5 Bytes JMP 008E7250 .text D:\WINDOWS\system32\svchost.exe[2284] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 008E20A0 .text 
D:\WINDOWS\system32\svchost.exe[2284] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 008E23A0 .text D:\WINDOWS\system32\svchost.exe[2284] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 008E2160 .text D:\WINDOWS\system32\igfxext.exe[2720] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DB6390 .text D:\WINDOWS\system32\igfxext.exe[2720] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DB6640 .text D:\WINDOWS\system32\igfxext.exe[2720] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00DB53D0 .text D:\WINDOWS\system32\igfxext.exe[2720] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00DB5300 .text D:\WINDOWS\system32\igfxext.exe[2720] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DB11C0 .text D:\WINDOWS\system32\igfxext.exe[2720] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00DB1290 .text D:\WINDOWS\system32\igfxext.exe[2720] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00DB2510 .text D:\WINDOWS\system32\igfxext.exe[2720] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00DB10A0 .text D:\WINDOWS\system32\igfxext.exe[2720] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00DB1000 .text D:\WINDOWS\system32\igfxext.exe[2720] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00DB2570 .text D:\WINDOWS\system32\igfxext.exe[2720] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00DB1D10 .text D:\WINDOWS\system32\igfxext.exe[2720] WS2_32.dll!send 71A5428A 5 Bytes JMP 00DB7250 .text D:\WINDOWS\system32\igfxext.exe[2720] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00DB20A0 .text D:\WINDOWS\system32\igfxext.exe[2720] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00DB23A0 .text D:\WINDOWS\system32\igfxext.exe[2720] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00DB2160 .text D:\WINDOWS\System32\alg.exe[3060] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00816390 .text D:\WINDOWS\System32\alg.exe[3060] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00816640 .text D:\WINDOWS\System32\alg.exe[3060] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 008153D0 .text 
D:\WINDOWS\System32\alg.exe[3060] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00815300
.text D:\WINDOWS\System32\alg.exe[3060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008111C0
.text D:\WINDOWS\System32\alg.exe[3060] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00811290
.text D:\WINDOWS\System32\alg.exe[3060] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00812510
.text D:\WINDOWS\System32\alg.exe[3060] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 008110A0
.text D:\WINDOWS\System32\alg.exe[3060] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00811000
.text D:\WINDOWS\System32\alg.exe[3060] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00812570
.text D:\WINDOWS\System32\alg.exe[3060] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00811D10
.text D:\WINDOWS\System32\alg.exe[3060] WS2_32.dll!send 71A5428A 5 Bytes JMP 00817250
.text D:\WINDOWS\System32\alg.exe[3060] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 008120A0
.text D:\WINDOWS\System32\alg.exe[3060] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 008123A0
.text D:\WINDOWS\System32\alg.exe[3060] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00812160
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00166390
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00166640
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001653D0
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00165300
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00161290
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00162510
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001610A0
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00161000
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00162570
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] WS2_32.dll!send 71A5428A 5 Bytes JMP 00167250
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 001620A0
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 001623A0
.text D:\Documents and Settings\l\Pulpit\OTL.exe[3772] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00162160
.text D:\WINDOWS\notepad.exe[3860] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000B6390
.text D:\WINDOWS\notepad.exe[3860] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000B6640
.text D:\WINDOWS\notepad.exe[3860] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000B53D0
.text D:\WINDOWS\notepad.exe[3860] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000B5300
.text D:\WINDOWS\notepad.exe[3860] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000B11C0
.text D:\WINDOWS\notepad.exe[3860] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 000B1290
.text D:\WINDOWS\notepad.exe[3860] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 000B2510
.text D:\WINDOWS\notepad.exe[3860] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 000B10A0
.text D:\WINDOWS\notepad.exe[3860] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 000B1000
.text D:\WINDOWS\notepad.exe[3860] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 000B2570
.text D:\WINDOWS\notepad.exe[3860] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000B1D10
.text D:\WINDOWS\notepad.exe[3860] WS2_32.dll!send 71A5428A 5 Bytes JMP 000B7250
.text D:\WINDOWS\notepad.exe[3860] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 000B20A0
.text D:\WINDOWS\notepad.exe[3860] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 000B23A0
.text D:\WINDOWS\notepad.exe[3860] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 000B2160
.text D:\WINDOWS\system32\wscntfy.exe[3928] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 008B6390
.text D:\WINDOWS\system32\wscntfy.exe[3928] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008B6640
.text D:\WINDOWS\system32\wscntfy.exe[3928] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 008B53D0
.text D:\WINDOWS\system32\wscntfy.exe[3928] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 008B5300
.text D:\WINDOWS\system32\wscntfy.exe[3928] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008B11C0
.text D:\WINDOWS\system32\wscntfy.exe[3928] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 008B1290
.text D:\WINDOWS\system32\wscntfy.exe[3928] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 008B2510
.text D:\WINDOWS\system32\wscntfy.exe[3928] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 008B10A0
.text D:\WINDOWS\system32\wscntfy.exe[3928] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 008B1000
.text D:\WINDOWS\system32\wscntfy.exe[3928] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 008B2570
.text D:\WINDOWS\system32\wscntfy.exe[3928] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 008B1D10
.text D:\WINDOWS\system32\wscntfy.exe[3928] WS2_32.dll!send 71A5428A 5 Bytes JMP 008B7250
.text D:\WINDOWS\system32\wscntfy.exe[3928] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 008B20A0
.text D:\WINDOWS\system32\wscntfy.exe[3928] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 008B23A0
.text D:\WINDOWS\system32\wscntfy.exe[3928] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 008B2160
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DD6390
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DD6640
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00DD53D0
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00DD5300
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DD11C0
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00DD1290
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00DD2510
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00DD10A0
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00DD1000
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00DD2570
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00DD1D10
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] WS2_32.dll!send 71A5428A 5 Bytes JMP 00DD7250
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00DD20A0
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00DD23A0
.text D:\DOCUME~1\l\USTAWI~1\Temp\RtkBtMnt.exe[3956] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00DD2160

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Tatytr D:\Documents and Settings\l\Dane aplikacji\Tatytr.exe
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@D:\Documents and Settings\l\Dane aplikacji\Tatytr.exe Tatytr

---- Files - GMER 1.0.15 ----

File D:\Documents and Settings\l\Dane aplikacji\Tatytr.exe 145997 bytes executable

---- EOF - GMER 1.0.15 ----