GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-10-18 12:59:20 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6026GAX rev.PA202D Running: rq198vhw.exe; Driver: C:\DOCUME~1\Andrzej\USTAWI~1\Temp\pxryrkob.sys ---- User code sections - GMER 1.0.15 ---- .text C:\WINNT\system32\spoolsv.exe[192] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00F26390 .text C:\WINNT\system32\spoolsv.exe[192] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F26640 .text C:\WINNT\system32\spoolsv.exe[192] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F253D0 .text C:\WINNT\system32\spoolsv.exe[192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00F25300 .text C:\WINNT\system32\spoolsv.exe[192] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F211C0 .text C:\WINNT\system32\spoolsv.exe[192] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F21290 .text C:\WINNT\system32\spoolsv.exe[192] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00F22570 .text C:\WINNT\system32\spoolsv.exe[192] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00F21000 .text C:\WINNT\system32\spoolsv.exe[192] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00F210A0 .text C:\WINNT\system32\spoolsv.exe[192] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00F22510 .text C:\WINNT\system32\spoolsv.exe[192] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F21D10 .text C:\WINNT\system32\spoolsv.exe[192] WS2_32.dll!send 71A54C27 5 Bytes JMP 00F27250 .text C:\WINNT\system32\spoolsv.exe[192] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00F22160 .text C:\WINNT\system32\spoolsv.exe[192] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00F220A0 .text C:\WINNT\system32\spoolsv.exe[192] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00F223A0 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 
00166640 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00161290 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00162570 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00161000 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001610A0 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00162510 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Andrzej\Pulpit\rq198vhw.exe[224] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text C:\WINNT\system32\svchost.exe[256] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C26390 .text C:\WINNT\system32\svchost.exe[256] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C26640 .text C:\WINNT\system32\svchost.exe[256] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C253D0 .text C:\WINNT\system32\svchost.exe[256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C25300 .text C:\WINNT\system32\svchost.exe[256] 
kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C211C0 .text C:\WINNT\system32\svchost.exe[256] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C21290 .text C:\WINNT\system32\svchost.exe[256] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C22570 .text C:\WINNT\system32\svchost.exe[256] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C21000 .text C:\WINNT\system32\svchost.exe[256] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C210A0 .text C:\WINNT\system32\svchost.exe[256] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C22510 .text C:\WINNT\system32\svchost.exe[256] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00C22160 .text C:\WINNT\system32\svchost.exe[256] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00C220A0 .text C:\WINNT\system32\svchost.exe[256] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00C223A0 .text C:\WINNT\system32\svchost.exe[256] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C21D10 .text C:\WINNT\system32\svchost.exe[256] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C27250 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C26390 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C26640 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C253D0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C25300 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C211C0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C21290 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C22570 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] kernel32.dll!CopyFileA 7C8286EE 5 Bytes 
JMP 00C21000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C210A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C22510 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00C22160 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00C220A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00C223A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C21D10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[456] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C27250 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00F56390 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F56640 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F553D0 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00F55300 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F511C0 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F51290 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00F52570 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00F51000 .text C:\Program Files\ATI Technologies\ATI Control 
Panel\atiptaxx.exe[512] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00F510A0 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00F52510 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F51D10 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] WS2_32.dll!send 71A54C27 5 Bytes JMP 00F57250 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00F52160 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00F520A0 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[512] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00F523A0 .text C:\WINNT\system32\WLTRAY.exe[520] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01276390 .text C:\WINNT\system32\WLTRAY.exe[520] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01276640 .text C:\WINNT\system32\WLTRAY.exe[520] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 012753D0 .text C:\WINNT\system32\WLTRAY.exe[520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01275300 .text C:\WINNT\system32\WLTRAY.exe[520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012711C0 .text C:\WINNT\system32\WLTRAY.exe[520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01271290 .text C:\WINNT\system32\WLTRAY.exe[520] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01272570 .text C:\WINNT\system32\WLTRAY.exe[520] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01271000 .text C:\WINNT\system32\WLTRAY.exe[520] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 012710A0 .text C:\WINNT\system32\WLTRAY.exe[520] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01272510 .text C:\WINNT\system32\WLTRAY.exe[520] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01271D10 .text C:\WINNT\system32\WLTRAY.exe[520] WS2_32.dll!send 71A54C27 5 Bytes JMP 01277250 .text 
C:\WINNT\system32\WLTRAY.exe[520] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01272160 .text C:\WINNT\system32\WLTRAY.exe[520] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 012720A0 .text C:\WINNT\system32\WLTRAY.exe[520] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 012723A0 .text C:\WINNT\system32\ctfmon.exe[624] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B76390 .text C:\WINNT\system32\ctfmon.exe[624] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B76640 .text C:\WINNT\system32\ctfmon.exe[624] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B753D0 .text C:\WINNT\system32\ctfmon.exe[624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B75300 .text C:\WINNT\system32\ctfmon.exe[624] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B711C0 .text C:\WINNT\system32\ctfmon.exe[624] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B71290 .text C:\WINNT\system32\ctfmon.exe[624] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B72570 .text C:\WINNT\system32\ctfmon.exe[624] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B71000 .text C:\WINNT\system32\ctfmon.exe[624] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B710A0 .text C:\WINNT\system32\ctfmon.exe[624] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B72510 .text C:\WINNT\system32\ctfmon.exe[624] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B71D10 .text C:\WINNT\system32\ctfmon.exe[624] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B77250 .text C:\WINNT\system32\ctfmon.exe[624] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00B72160 .text C:\WINNT\system32\ctfmon.exe[624] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00B720A0 .text C:\WINNT\system32\ctfmon.exe[624] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00B723A0 .text C:\Program Files\NetWaiting\netWaiting.exe[656] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01006390 .text C:\Program Files\NetWaiting\netWaiting.exe[656] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01006640 .text C:\Program 
Files\NetWaiting\netWaiting.exe[656] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 010053D0 .text C:\Program Files\NetWaiting\netWaiting.exe[656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01005300 .text C:\Program Files\NetWaiting\netWaiting.exe[656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010011C0 .text C:\Program Files\NetWaiting\netWaiting.exe[656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01001290 .text C:\Program Files\NetWaiting\netWaiting.exe[656] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01002570 .text C:\Program Files\NetWaiting\netWaiting.exe[656] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01001000 .text C:\Program Files\NetWaiting\netWaiting.exe[656] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 010010A0 .text C:\Program Files\NetWaiting\netWaiting.exe[656] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01002510 .text C:\Program Files\NetWaiting\netWaiting.exe[656] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01001D10 .text C:\Program Files\NetWaiting\netWaiting.exe[656] WS2_32.dll!send 71A54C27 5 Bytes JMP 01007250 .text C:\Program Files\NetWaiting\netWaiting.exe[656] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01002160 .text C:\Program Files\NetWaiting\netWaiting.exe[656] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 010020A0 .text C:\Program Files\NetWaiting\netWaiting.exe[656] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 010023A0 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01376390 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01376640 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013753D0 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01375300 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013711C0 .text C:\Program 
Files\Dell\QuickSet\NICCONFIGSVC.exe[672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01371290 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01372570 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01371000 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 013710A0 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01372510 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01371D10 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] WS2_32.dll!send 71A54C27 5 Bytes JMP 01377250 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01372160 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 013720A0 .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[672] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 013723A0 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 06AD6390 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 06AD6640 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 06AD53D0 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 06AD5300 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 06AD11C0 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 06AD1290 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 06AD2570 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] 
kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 06AD1000 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 06AD10A0 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 06AD2510 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 06AD1D10 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] WS2_32.dll!send 71A54C27 5 Bytes JMP 06AD7250 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 06AD2160 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 06AD20A0 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[760] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 06AD23A0 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 06E46390 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 06E46640 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 06E453D0 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 06E45300 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 06E411C0 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 06E41290 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 06E42570 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 06E41000 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 06E410A0 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 06E42510 
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 06E41D10 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] WS2_32.dll!send 71A54C27 5 Bytes JMP 06E47250 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 06E42160 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 06E420A0 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[768] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 06E423A0 .text C:\Program Files\Apoint\Apoint.exe[780] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 010C6390 .text C:\Program Files\Apoint\Apoint.exe[780] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 010C6640 .text C:\Program Files\Apoint\Apoint.exe[780] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 010C53D0 .text C:\Program Files\Apoint\Apoint.exe[780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010C5300 .text C:\Program Files\Apoint\Apoint.exe[780] kernel32.dll!CreateFileA 7C801A28 3 Bytes JMP 010C11C0 .text C:\Program Files\Apoint\Apoint.exe[780] kernel32.dll!CreateFileA + 4 7C801A2C 1 Byte [84] .text C:\Program Files\Apoint\Apoint.exe[780] kernel32.dll!CreateFileW 7C810800 3 Bytes JMP 010C1290 .text C:\Program Files\Apoint\Apoint.exe[780] kernel32.dll!CreateFileW + 4 7C810804 1 Byte [84] .text C:\Program Files\Apoint\Apoint.exe[780] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 010C2570 .text C:\Program Files\Apoint\Apoint.exe[780] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 010C1000 .text C:\Program Files\Apoint\Apoint.exe[780] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 010C10A0 .text C:\Program Files\Apoint\Apoint.exe[780] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 010C2510 .text C:\Program Files\Apoint\Apoint.exe[780] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 010C1D10 .text C:\Program Files\Apoint\Apoint.exe[780] WS2_32.dll!send 71A54C27 5 Bytes JMP 010C7250 .text C:\Program 
Files\Apoint\Apoint.exe[780] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 010C2160 .text C:\Program Files\Apoint\Apoint.exe[780] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 010C20A0 .text C:\Program Files\Apoint\Apoint.exe[780] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 010C23A0 .text C:\WINNT\system32\csrss.exe[816] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 015F6390 .text C:\WINNT\system32\csrss.exe[816] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 015F6640 .text C:\WINNT\system32\csrss.exe[816] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 015F53D0 .text C:\WINNT\system32\csrss.exe[816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 015F5300 .text C:\WINNT\system32\csrss.exe[816] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 015F11C0 .text C:\WINNT\system32\csrss.exe[816] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 015F1290 .text C:\WINNT\system32\csrss.exe[816] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 015F2570 .text C:\WINNT\system32\csrss.exe[816] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 015F1000 .text C:\WINNT\system32\csrss.exe[816] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 015F10A0 .text C:\WINNT\system32\csrss.exe[816] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 015F2510 .text C:\WINNT\system32\csrss.exe[816] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 015F1D10 .text C:\WINNT\system32\csrss.exe[816] WS2_32.dll!send 71A54C27 5 Bytes JMP 015F7250 .text C:\WINNT\system32\csrss.exe[816] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 015F2160 .text C:\WINNT\system32\csrss.exe[816] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 015F20A0 .text C:\WINNT\system32\csrss.exe[816] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 015F23A0 .text C:\WINNT\system32\winlogon.exe[844] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01A66390 .text C:\WINNT\system32\winlogon.exe[844] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01A66640 .text C:\WINNT\system32\winlogon.exe[844] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes 
JMP 01A653D0 .text C:\WINNT\system32\winlogon.exe[844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01A65300 .text C:\WINNT\system32\winlogon.exe[844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A611C0 .text C:\WINNT\system32\winlogon.exe[844] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01A61290 .text C:\WINNT\system32\winlogon.exe[844] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01A62570 .text C:\WINNT\system32\winlogon.exe[844] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01A61000 .text C:\WINNT\system32\winlogon.exe[844] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01A610A0 .text C:\WINNT\system32\winlogon.exe[844] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01A62510 .text C:\WINNT\system32\winlogon.exe[844] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01A61D10 .text C:\WINNT\system32\winlogon.exe[844] WS2_32.dll!send 71A54C27 5 Bytes JMP 01A67250 .text C:\WINNT\system32\winlogon.exe[844] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01A62160 .text C:\WINNT\system32\winlogon.exe[844] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 01A620A0 .text C:\WINNT\system32\winlogon.exe[844] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 01A623A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02006390 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02006640 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 020053D0 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02005300 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 020011C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02001290 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02002570 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] kernel32.dll!CopyFileA 7C8286EE 5 Bytes 
JMP 02001000 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 020010A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02002510 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02001D10 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] WS2_32.dll!send 71A54C27 5 Bytes JMP 02007250 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 02002160 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 020020A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[864] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 020023A0 .text C:\WINNT\system32\services.exe[888] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01266390 .text C:\WINNT\system32\services.exe[888] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01266640 .text C:\WINNT\system32\services.exe[888] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 012653D0 .text C:\WINNT\system32\services.exe[888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01265300 .text C:\WINNT\system32\services.exe[888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012611C0 .text C:\WINNT\system32\services.exe[888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01261290 .text C:\WINNT\system32\services.exe[888] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01262570 .text C:\WINNT\system32\services.exe[888] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01261000 .text C:\WINNT\system32\services.exe[888] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 012610A0 .text C:\WINNT\system32\services.exe[888] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01262510 .text C:\WINNT\system32\services.exe[888] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01261D10 .text C:\WINNT\system32\services.exe[888] WS2_32.dll!send 71A54C27 5 Bytes JMP 01267250 .text C:\WINNT\system32\services.exe[888] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 
01262160 .text C:\WINNT\system32\services.exe[888] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 012620A0 .text C:\WINNT\system32\services.exe[888] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 012623A0 .text C:\WINNT\system32\Ati2evxx.exe[1056] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DB6390 .text C:\WINNT\system32\Ati2evxx.exe[1056] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00DB6640 .text C:\WINNT\system32\Ati2evxx.exe[1056] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00DB53D0 .text C:\WINNT\system32\Ati2evxx.exe[1056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00DB5300 .text C:\WINNT\system32\Ati2evxx.exe[1056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB11C0 .text C:\WINNT\system32\Ati2evxx.exe[1056] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DB1290 .text C:\WINNT\system32\Ati2evxx.exe[1056] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00DB2570 .text C:\WINNT\system32\Ati2evxx.exe[1056] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00DB1000 .text C:\WINNT\system32\Ati2evxx.exe[1056] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00DB10A0 .text C:\WINNT\system32\Ati2evxx.exe[1056] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00DB2510 .text C:\WINNT\system32\Ati2evxx.exe[1056] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00DB1D10 .text C:\WINNT\system32\Ati2evxx.exe[1056] WS2_32.dll!send 71A54C27 5 Bytes JMP 00DB7250 .text C:\WINNT\system32\Ati2evxx.exe[1056] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00DB2160 .text C:\WINNT\system32\Ati2evxx.exe[1056] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00DB20A0 .text C:\WINNT\system32\Ati2evxx.exe[1056] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00DB23A0 .text C:\WINNT\system32\svchost.exe[1068] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02496390 .text C:\WINNT\system32\svchost.exe[1068] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02496640 .text C:\WINNT\system32\svchost.exe[1068] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 024953D0 .text 
C:\WINNT\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02495300 .text C:\WINNT\system32\svchost.exe[1068] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024911C0 .text C:\WINNT\system32\svchost.exe[1068] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02491290 .text C:\WINNT\system32\svchost.exe[1068] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02492570 .text C:\WINNT\system32\svchost.exe[1068] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02491000 .text C:\WINNT\system32\svchost.exe[1068] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 024910A0 .text C:\WINNT\system32\svchost.exe[1068] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02492510 .text C:\WINNT\system32\svchost.exe[1068] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02491D10 .text C:\WINNT\system32\svchost.exe[1068] WS2_32.dll!send 71A54C27 5 Bytes JMP 02497250 .text C:\WINNT\system32\svchost.exe[1068] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 02492160 .text C:\WINNT\system32\svchost.exe[1068] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 024920A0 .text C:\WINNT\system32\svchost.exe[1068] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 024923A0 .text C:\WINNT\system32\svchost.exe[1168] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EB6390 .text C:\WINNT\system32\svchost.exe[1168] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00EB6640 .text C:\WINNT\system32\svchost.exe[1168] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00EB53D0 .text C:\WINNT\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00EB5300 .text C:\WINNT\system32\svchost.exe[1168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EB11C0 .text C:\WINNT\system32\svchost.exe[1168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EB1290 .text C:\WINNT\system32\svchost.exe[1168] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00EB2570 .text C:\WINNT\system32\svchost.exe[1168] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00EB1000 .text C:\WINNT\system32\svchost.exe[1168] kernel32.dll!CopyFileW 
7C82F87B 5 Bytes JMP 00EB10A0 .text C:\WINNT\system32\svchost.exe[1168] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00EB2510 .text C:\WINNT\system32\svchost.exe[1168] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EB1D10 .text C:\WINNT\system32\svchost.exe[1168] WS2_32.dll!send 71A54C27 5 Bytes JMP 00EB7250 .text C:\WINNT\system32\svchost.exe[1168] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00EB2160 .text C:\WINNT\system32\svchost.exe[1168] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00EB20A0 .text C:\WINNT\system32\svchost.exe[1168] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00EB23A0 .text C:\WINNT\System32\svchost.exe[1204] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03AC6390 .text C:\WINNT\System32\svchost.exe[1204] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 03AC6640 .text C:\WINNT\System32\svchost.exe[1204] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 03AC53D0 .text C:\WINNT\System32\svchost.exe[1204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 03AC5300 .text C:\WINNT\System32\svchost.exe[1204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03AC11C0 .text C:\WINNT\System32\svchost.exe[1204] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03AC1290 .text C:\WINNT\System32\svchost.exe[1204] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 03AC2570 .text C:\WINNT\System32\svchost.exe[1204] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 03AC1000 .text C:\WINNT\System32\svchost.exe[1204] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 03AC10A0 .text C:\WINNT\System32\svchost.exe[1204] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 03AC2510 .text C:\WINNT\System32\svchost.exe[1204] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 03AC1D10 .text C:\WINNT\System32\svchost.exe[1204] WS2_32.dll!send 71A54C27 5 Bytes JMP 03AC7250 .text C:\WINNT\System32\svchost.exe[1204] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 03AC2160 .text C:\WINNT\System32\svchost.exe[1204] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 03AC20A0 .text 
C:\WINNT\System32\svchost.exe[1204] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 03AC23A0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 06D76390 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 06D76640 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 06D753D0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 06D75300 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 06D711C0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 06D71290 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 06D72570 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 06D71000 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 06D710A0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 06D72510 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 06D71D10 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] WS2_32.dll!send 71A54C27 5 Bytes JMP 06D77250 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 06D72160 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 06D720A0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1240] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 06D723A0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D66390 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] 
ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D66640 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D653D0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D65300 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D611C0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D61290 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D62570 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D61000 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D610A0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D62510 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D61D10 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] WS2_32.dll!send 71A54C27 5 Bytes JMP 00D67250 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00D62160 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00D620A0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1288] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00D623A0 .text C:\Program Files\Apoint\Apntex.exe[1348] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A56390 .text C:\Program Files\Apoint\Apntex.exe[1348] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A56640 .text C:\Program Files\Apoint\Apntex.exe[1348] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A553D0 .text C:\Program Files\Apoint\Apntex.exe[1348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A55300 .text C:\Program 
Files\Apoint\Apntex.exe[1348] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A511C0 .text C:\Program Files\Apoint\Apntex.exe[1348] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A51290 .text C:\Program Files\Apoint\Apntex.exe[1348] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A52570 .text C:\Program Files\Apoint\Apntex.exe[1348] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A51000 .text C:\Program Files\Apoint\Apntex.exe[1348] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A510A0 .text C:\Program Files\Apoint\Apntex.exe[1348] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A52510 .text C:\Program Files\Apoint\Apntex.exe[1348] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A51D10 .text C:\Program Files\Apoint\Apntex.exe[1348] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A57250 .text C:\Program Files\Apoint\Apntex.exe[1348] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00A52160 .text C:\Program Files\Apoint\Apntex.exe[1348] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00A520A0 .text C:\Program Files\Apoint\Apntex.exe[1348] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00A523A0 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01366390 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01366640 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013653D0 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01365300 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013611C0 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01361290 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01362570 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01361000 .text 
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 013610A0 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01362510 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01361D10 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] WS2_32.dll!send 71A54C27 5 Bytes JMP 01367250 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01362160 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 013620A0 .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1376] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 013623A0 .text C:\WINNT\system32\Ati2evxx.exe[1468] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CB6390 .text C:\WINNT\system32\Ati2evxx.exe[1468] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CB6640 .text C:\WINNT\system32\Ati2evxx.exe[1468] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CB53D0 .text C:\WINNT\system32\Ati2evxx.exe[1468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CB5300 .text C:\WINNT\system32\Ati2evxx.exe[1468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB11C0 .text C:\WINNT\system32\Ati2evxx.exe[1468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CB1290 .text C:\WINNT\system32\Ati2evxx.exe[1468] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00CB2570 .text C:\WINNT\system32\Ati2evxx.exe[1468] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00CB1000 .text C:\WINNT\system32\Ati2evxx.exe[1468] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00CB10A0 .text C:\WINNT\system32\Ati2evxx.exe[1468] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00CB2510 .text C:\WINNT\system32\Ati2evxx.exe[1468] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00CB1D10 .text C:\WINNT\system32\Ati2evxx.exe[1468] WS2_32.dll!send 71A54C27 5 Bytes JMP 00CB7250 .text C:\WINNT\system32\Ati2evxx.exe[1468] WININET.dll!HttpSendRequestW 3FD0FACE 5 
Bytes JMP 00CB2160 .text C:\WINNT\system32\Ati2evxx.exe[1468] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00CB20A0 .text C:\WINNT\system32\Ati2evxx.exe[1468] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00CB23A0 .text C:\WINNT\Explorer.EXE[1524] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 029B6390 .text C:\WINNT\Explorer.EXE[1524] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 029B6640 .text C:\WINNT\Explorer.EXE[1524] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 029B53D0 .text C:\WINNT\Explorer.EXE[1524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 029B5300 .text C:\WINNT\Explorer.EXE[1524] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 029B11C0 .text C:\WINNT\Explorer.EXE[1524] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 029B1290 .text C:\WINNT\Explorer.EXE[1524] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 029B2570 .text C:\WINNT\Explorer.EXE[1524] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 029B1000 .text C:\WINNT\Explorer.EXE[1524] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 029B10A0 .text C:\WINNT\Explorer.EXE[1524] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 029B2510 .text C:\WINNT\Explorer.EXE[1524] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 029B2160 .text C:\WINNT\Explorer.EXE[1524] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 029B20A0 .text C:\WINNT\Explorer.EXE[1524] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 029B23A0 .text C:\WINNT\Explorer.EXE[1524] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 029B1D10 .text C:\WINNT\Explorer.EXE[1524] WS2_32.dll!send 71A54C27 5 Bytes JMP 029B7250 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 07526390 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 07526640 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 075253D0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] 
ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 07525300 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 075211C0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 07521290 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 07522570 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 07521000 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 075210A0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 07522510 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 07521D10 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] WS2_32.dll!send 71A54C27 5 Bytes JMP 07527250 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 07522160 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 075220A0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1604] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 075223A0 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 06CF6390 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 06CF6640 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 06CF53D0 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 06CF5300 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 06CF11C0 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] kernel32.dll!CreateFileW 
7C810800 5 Bytes JMP 06CF1290 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 06CF2570 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 06CF1000 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 06CF10A0 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 06CF2510 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 06CF1D10 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] WS2_32.dll!send 71A54C27 5 Bytes JMP 06CF7250 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 06CF2160 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 06CF20A0 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1640] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 06CF23A0 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AA6390 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AA6640 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00AA53D0 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00AA5300 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AA11C0 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AA1290 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00AA2570 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00AA1000 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] kernel32.dll!CopyFileW 
7C82F87B 5 Bytes JMP 00AA10A0 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00AA2510 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00AA1D10 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] WS2_32.dll!send 71A54C27 5 Bytes JMP 00AA7250 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00AA2160 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00AA20A0 .text D:\Programy\adobe\Reader\Reader_sl.exe[1728] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00AA23A0 .text C:\Program Files\Skype\Updater\Updater.exe[1736] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 010B6390 .text C:\Program Files\Skype\Updater\Updater.exe[1736] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 010B6640 .text C:\Program Files\Skype\Updater\Updater.exe[1736] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 010B53D0 .text C:\Program Files\Skype\Updater\Updater.exe[1736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010B5300 .text C:\Program Files\Skype\Updater\Updater.exe[1736] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010B11C0 .text C:\Program Files\Skype\Updater\Updater.exe[1736] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010B1290 .text C:\Program Files\Skype\Updater\Updater.exe[1736] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 010B2570 .text C:\Program Files\Skype\Updater\Updater.exe[1736] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 010B1000 .text C:\Program Files\Skype\Updater\Updater.exe[1736] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 010B10A0 .text C:\Program Files\Skype\Updater\Updater.exe[1736] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 010B2510 .text C:\Program Files\Skype\Updater\Updater.exe[1736] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 010B1D10 .text C:\Program Files\Skype\Updater\Updater.exe[1736] WS2_32.dll!send 71A54C27 5 Bytes JMP 010B7250 .text C:\Program 
Files\Skype\Updater\Updater.exe[1736] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 010B2160 .text C:\Program Files\Skype\Updater\Updater.exe[1736] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 010B20A0 .text C:\Program Files\Skype\Updater\Updater.exe[1736] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 010B23A0 .text C:\WINNT\system32\svchost.exe[1772] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007B6390 .text C:\WINNT\system32\svchost.exe[1772] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007B6640 .text C:\WINNT\system32\svchost.exe[1772] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007B53D0 .text C:\WINNT\system32\svchost.exe[1772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007B5300 .text C:\WINNT\system32\svchost.exe[1772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007B11C0 .text C:\WINNT\system32\svchost.exe[1772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007B1290 .text C:\WINNT\system32\svchost.exe[1772] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 007B2570 .text C:\WINNT\system32\svchost.exe[1772] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 007B1000 .text C:\WINNT\system32\svchost.exe[1772] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 007B10A0 .text C:\WINNT\system32\svchost.exe[1772] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 007B2510 .text C:\WINNT\system32\svchost.exe[1772] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007B1D10 .text C:\WINNT\system32\svchost.exe[1772] WS2_32.dll!send 71A54C27 5 Bytes JMP 007B7250 .text C:\WINNT\system32\svchost.exe[1772] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 007B2160 .text C:\WINNT\system32\svchost.exe[1772] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 007B20A0 .text C:\WINNT\system32\svchost.exe[1772] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 007B23A0 .text C:\WINNT\system32\svchost.exe[1852] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C16390 .text C:\WINNT\system32\svchost.exe[1852] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C16640 .text 
C:\WINNT\system32\svchost.exe[1852] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C153D0 .text C:\WINNT\system32\svchost.exe[1852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C15300 .text C:\WINNT\system32\svchost.exe[1852] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C111C0 .text C:\WINNT\system32\svchost.exe[1852] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C11290 .text C:\WINNT\system32\svchost.exe[1852] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C12570 .text C:\WINNT\system32\svchost.exe[1852] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C11000 .text C:\WINNT\system32\svchost.exe[1852] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C110A0 .text C:\WINNT\system32\svchost.exe[1852] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C12510 .text C:\WINNT\system32\svchost.exe[1852] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C11D10 .text C:\WINNT\system32\svchost.exe[1852] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C17250 .text C:\WINNT\system32\svchost.exe[1852] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00C12160 .text C:\WINNT\system32\svchost.exe[1852] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00C120A0 .text C:\WINNT\system32\svchost.exe[1852] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00C123A0 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EC6390 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00EC6640 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00EC53D0 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00EC5300 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EC11C0 .text C:\Program Files\Microsoft SQL 
Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EC1290 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00EC2570 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00EC1000 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00EC10A0 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00EC2510 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EC1D10 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] WS2_32.dll!send 71A54C27 5 Bytes JMP 00EC7250 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] WININET.dll!HttpSendRequestW 0250FACE 5 Bytes JMP 00EC2160 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] WININET.dll!HttpSendRequestA 0251EEA1 5 Bytes JMP 00EC20A0 .text C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe[1912] WININET.dll!InternetWriteFile 02566116 5 Bytes JMP 00EC23A0 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01DD6390 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01DD6640 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01DD53D0 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01DD5300 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01DD11C0 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01DD1290 .text 
C:\Program Files\ExpressFiles\EFUpdater.exe[1928] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01DD2570 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01DD1000 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01DD10A0 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01DD2510 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01DD2160 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 01DD20A0 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 01DD23A0 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01DD1D10 .text C:\Program Files\ExpressFiles\EFUpdater.exe[1928] WS2_32.dll!send 71A54C27 5 Bytes JMP 01DD7250 .text C:\WINNT\System32\wltrysvc.exe[1972] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A06390 .text C:\WINNT\System32\wltrysvc.exe[1972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A06640 .text C:\WINNT\System32\wltrysvc.exe[1972] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A053D0 .text C:\WINNT\System32\wltrysvc.exe[1972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A05300 .text C:\WINNT\System32\wltrysvc.exe[1972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A011C0 .text C:\WINNT\System32\wltrysvc.exe[1972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A01290 .text C:\WINNT\System32\wltrysvc.exe[1972] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A02570 .text C:\WINNT\System32\wltrysvc.exe[1972] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A01000 .text C:\WINNT\System32\wltrysvc.exe[1972] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A010A0 .text C:\WINNT\System32\wltrysvc.exe[1972] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A02510 .text 
C:\WINNT\System32\wltrysvc.exe[1972] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A01D10 .text C:\WINNT\System32\wltrysvc.exe[1972] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A07250 .text C:\WINNT\System32\wltrysvc.exe[1972] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00A02160 .text C:\WINNT\System32\wltrysvc.exe[1972] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00A020A0 .text C:\WINNT\System32\wltrysvc.exe[1972] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00A023A0 .text C:\WINNT\System32\bcmwltry.exe[1984] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01426390 .text C:\WINNT\System32\bcmwltry.exe[1984] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01426640 .text C:\WINNT\System32\bcmwltry.exe[1984] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 014253D0 .text C:\WINNT\System32\bcmwltry.exe[1984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01425300 .text C:\WINNT\System32\bcmwltry.exe[1984] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014211C0 .text C:\WINNT\System32\bcmwltry.exe[1984] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01421290 .text C:\WINNT\System32\bcmwltry.exe[1984] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01422570 .text C:\WINNT\System32\bcmwltry.exe[1984] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01421000 .text C:\WINNT\System32\bcmwltry.exe[1984] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 014210A0 .text C:\WINNT\System32\bcmwltry.exe[1984] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01422510 .text C:\WINNT\System32\bcmwltry.exe[1984] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01422160 .text C:\WINNT\System32\bcmwltry.exe[1984] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 014220A0 .text C:\WINNT\System32\bcmwltry.exe[1984] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 014223A0 .text C:\WINNT\System32\bcmwltry.exe[1984] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01421D10 .text C:\WINNT\System32\bcmwltry.exe[1984] WS2_32.dll!send 71A54C27 5 Bytes JMP 01427250 .text C:\WINNT\system32\wdfmgr.exe[2072] 
ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 008A6390 .text C:\WINNT\system32\wdfmgr.exe[2072] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 008A6640 .text C:\WINNT\system32\wdfmgr.exe[2072] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008A53D0 .text C:\WINNT\system32\wdfmgr.exe[2072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008A5300 .text C:\WINNT\system32\wdfmgr.exe[2072] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008A11C0 .text C:\WINNT\system32\wdfmgr.exe[2072] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008A1290 .text C:\WINNT\system32\wdfmgr.exe[2072] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 008A2570 .text C:\WINNT\system32\wdfmgr.exe[2072] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 008A1000 .text C:\WINNT\system32\wdfmgr.exe[2072] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008A10A0 .text C:\WINNT\system32\wdfmgr.exe[2072] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 008A2510 .text C:\WINNT\system32\wdfmgr.exe[2072] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 008A1D10 .text C:\WINNT\system32\wdfmgr.exe[2072] WS2_32.dll!send 71A54C27 5 Bytes JMP 008A7250 .text C:\WINNT\system32\wdfmgr.exe[2072] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 008A2160 .text C:\WINNT\system32\wdfmgr.exe[2072] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 008A20A0 .text C:\WINNT\system32\wdfmgr.exe[2072] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 008A23A0 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EB6390 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00EB6640 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00EB53D0 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00EB5300 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EB11C0 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] kernel32.dll!CreateFileW 
7C810800 5 Bytes JMP 00EB1290 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00EB2570 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00EB1000 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00EB10A0 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00EB2510 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EB1D10 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] WS2_32.dll!send 71A54C27 5 Bytes JMP 00EB7250 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00EB2160 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00EB20A0 .text C:\WINNT\system32\wbem\wmiprvse.exe[2260] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00EB23A0 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00156390 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00156640 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001553D0 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00155300 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001511C0 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00151290 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00152570 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00151000 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001510A0 
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00152510 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00151D10 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] WS2_32.dll!send 71A54C27 5 Bytes JMP 00157250 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00152160 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001520A0 .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2632] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001523A0 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00F36390 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F36640 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F353D0 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00F35300 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F311C0 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F31290 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00F32570 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00F31000 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00F310A0 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00F32510 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F31D10 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] WS2_32.dll!send 71A54C27 5 Bytes JMP 00F37250 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] WININET.dll!HttpSendRequestW 
3FD0FACE 5 Bytes JMP 00F32160 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00F320A0 .text C:\WINNT\system32\wbem\wmiprvse.exe[2912] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00F323A0 .text C:\WINNT\system32\rundll32.exe[3276] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E46390 .text C:\WINNT\system32\rundll32.exe[3276] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E46640 .text C:\WINNT\system32\rundll32.exe[3276] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E453D0 .text C:\WINNT\system32\rundll32.exe[3276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E45300 .text C:\WINNT\system32\rundll32.exe[3276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E411C0 .text C:\WINNT\system32\rundll32.exe[3276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E41290 .text C:\WINNT\system32\rundll32.exe[3276] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E42570 .text C:\WINNT\system32\rundll32.exe[3276] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E41000 .text C:\WINNT\system32\rundll32.exe[3276] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E410A0 .text C:\WINNT\system32\rundll32.exe[3276] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E42510 .text C:\WINNT\system32\rundll32.exe[3276] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E41D10 .text C:\WINNT\system32\rundll32.exe[3276] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E47250 .text C:\WINNT\system32\rundll32.exe[3276] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00E42160 .text C:\WINNT\system32\rundll32.exe[3276] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00E420A0 .text C:\WINNT\system32\rundll32.exe[3276] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00E423A0 .text C:\WINNT\System32\alg.exe[3316] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B46390 .text C:\WINNT\System32\alg.exe[3316] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B46640 .text C:\WINNT\System32\alg.exe[3316] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 
00B453D0 .text C:\WINNT\System32\alg.exe[3316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B45300 .text C:\WINNT\System32\alg.exe[3316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B411C0 .text C:\WINNT\System32\alg.exe[3316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B41290 .text C:\WINNT\System32\alg.exe[3316] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B42570 .text C:\WINNT\System32\alg.exe[3316] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B41000 .text C:\WINNT\System32\alg.exe[3316] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B410A0 .text C:\WINNT\System32\alg.exe[3316] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B42510 .text C:\WINNT\System32\alg.exe[3316] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B41D10 .text C:\WINNT\System32\alg.exe[3316] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B47250 .text C:\WINNT\System32\alg.exe[3316] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00B42160 .text C:\WINNT\System32\alg.exe[3316] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00B420A0 .text C:\WINNT\System32\alg.exe[3316] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00B423A0 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE8 0x40 0xEB 0x7C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x46 0x61 0x61 0x2C ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE8 0x40 0xEB 0x7C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x46 0x61 0x61 0x2C ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Ujawaq C:\Documents and Settings\Andrzej\Dane aplikacji\Ujawaq.exe Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Andrzej\Dane aplikacji\Ujawaq.exe Ujawaq Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-28964 Wybrana została opcja wyświetlania chronionych plików systemu operacyjnego (pliki z atrybutami Systemowy i Ukryty) w Eksploratorze Windows. Są to pliki wymagane do uruchamiania i pracy systemu Windows. Usunięcie lub edycja tych plików mogą spowodować niemożność korzystania z komputera. Czy na pewno chcesz wyświetlać te pliki? ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Andrzej\Dane aplikacji\Ujawaq.exe 930962 bytes executable ---- EOF - GMER 1.0.15 ----