GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-12-20 22:49:48 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541060G9AT00 rev.MB3OA60A Running: gyhq2rgz.exe; Driver: C:\DOCUME~1\stefan\USTAWI~1\Temp\pxtoapow.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Java\jre7\bin\jqs.exe[220] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01396390 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01396640 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 013953D0 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01395300 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 013911C0 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01391290 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01392510 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 013910A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01391000 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01392570 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01391D10 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] WS2_32.dll!send 71A5428A 5 Bytes JMP 01397250 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 013920A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 013923A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[220] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01392160 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] 
ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 03426390 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 03426640 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 034253D0 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 03425300 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 034211C0 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 03421290 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 03422510 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 034210A0 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 03421000 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 03422570 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 03421D10 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] WS2_32.dll!send 71A5428A 5 Bytes JMP 03427250 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 034220A0 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 034223A0 .text 
C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamservice.exe[236] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 03422160 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009D6390 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009D6640 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 009D53D0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009D5300 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009D11C0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 009D1290 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 009D2510 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 009D10A0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 009D1000 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 009D2570 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009D1D10 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] WS2_32.dll!send 71A5428A 5 Bytes JMP 009D7250 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 009D20A0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 009D23A0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[324] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 009D2160 .text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00946390 .text 
C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00946640 .text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 009453D0 .text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00945300 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009411C0 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00941290 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00942510 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 009410A0 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00941000 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00942570 .text C:\WINDOWS\system32\svchost.exe[380] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00941D10 .text C:\WINDOWS\system32\svchost.exe[380] WS2_32.dll!send 71A5428A 5 Bytes JMP 00947250 .text C:\WINDOWS\system32\svchost.exe[380] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 009420A0 .text C:\WINDOWS\system32\svchost.exe[380] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 009423A0 .text C:\WINDOWS\system32\svchost.exe[380] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00942160 .text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01426390 .text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01426640 .text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 014253D0 .text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01425300 .text C:\WINDOWS\system32\csrss.exe[504] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 014211C0 .text C:\WINDOWS\system32\csrss.exe[504] KERNEL32.dll!CreateFileW 7C810976 5 Bytes JMP 01421290 .text C:\WINDOWS\system32\csrss.exe[504] 
KERNEL32.dll!MoveFileA 7C822294 5 Bytes JMP 01422510 .text C:\WINDOWS\system32\csrss.exe[504] KERNEL32.dll!CopyFileW 7C825779 5 Bytes JMP 014210A0 .text C:\WINDOWS\system32\csrss.exe[504] KERNEL32.dll!CopyFileA 7C830053 5 Bytes JMP 01421000 .text C:\WINDOWS\system32\csrss.exe[504] KERNEL32.dll!MoveFileW 7C839659 5 Bytes JMP 01422570 .text C:\WINDOWS\system32\csrss.exe[504] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01421D10 .text C:\WINDOWS\system32\csrss.exe[504] WS2_32.dll!send 71A5428A 5 Bytes JMP 01427250 .text C:\WINDOWS\system32\csrss.exe[504] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 014220A0 .text C:\WINDOWS\system32\csrss.exe[504] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 014223A0 .text C:\WINDOWS\system32\csrss.exe[504] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01422160 .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01436390 .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01436640 .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 014353D0 .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01435300 .text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 014311C0 .text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01431290 .text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01432510 .text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 014310A0 .text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01431000 .text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01432570 .text C:\WINDOWS\system32\winlogon.exe[528] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01431D10 .text C:\WINDOWS\system32\winlogon.exe[528] WS2_32.dll!send 71A5428A 5 Bytes JMP 01437250 
.text C:\WINDOWS\system32\winlogon.exe[528] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 014320A0 .text C:\WINDOWS\system32\winlogon.exe[528] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 014323A0 .text C:\WINDOWS\system32\winlogon.exe[528] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01432160 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 037C6390 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 037C6640 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 037C53D0 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 037C5300 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 037C11C0 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 037C1290 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 037C2510 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 037C10A0 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 037C1000 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 037C2570 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 037C1D10 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] WS2_32.dll!send 71A5428A 5 Bytes JMP 037C7250 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 037C20A0 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[752] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 037C23A0 .text C:\Program Files\Alwil 
Software\Avast4\ashWebSv.exe[752] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 037C2160 .text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DF6390 .text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DF6640 .text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00DF53D0 .text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00DF5300 .text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DF11C0 .text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00DF1290 .text C:\WINDOWS\system32\services.exe[820] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00DF2510 .text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00DF10A0 .text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00DF1000 .text C:\WINDOWS\system32\services.exe[820] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00DF2570 .text C:\WINDOWS\system32\services.exe[820] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00DF1D10 .text C:\WINDOWS\system32\services.exe[820] WS2_32.dll!send 71A5428A 5 Bytes JMP 00DF7250 .text C:\WINDOWS\system32\services.exe[820] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00DF20A0 .text C:\WINDOWS\system32\services.exe[820] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00DF23A0 .text C:\WINDOWS\system32\services.exe[820] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00DF2160 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00B86390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00B86640 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00B853D0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 
00B85300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B811C0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00B81290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00B82510 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00B810A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00B81000 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00B82570 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B81D10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] WS2_32.dll!send 71A5428A 5 Bytes JMP 00B87250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00B820A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00B823A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[964] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00B82160 .text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00C96390 .text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00C96640 .text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00C953D0 .text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00C95300 .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C911C0 .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00C91290 .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00C92510 .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00C910A0 .text C:\WINDOWS\system32\svchost.exe[1104] 
kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00C91000 .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00C92570 .text C:\WINDOWS\system32\svchost.exe[1104] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C91D10 .text C:\WINDOWS\system32\svchost.exe[1104] WS2_32.dll!send 71A5428A 5 Bytes JMP 00C97250 .text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00C920A0 .text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00C923A0 .text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00C92160 .text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00816390 .text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00816640 .text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 008153D0 .text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00815300 .text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008111C0 .text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00811290 .text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00812510 .text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 008110A0 .text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00811000 .text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00812570 .text C:\WINDOWS\System32\alg.exe[1120] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00811D10 .text C:\WINDOWS\System32\alg.exe[1120] WS2_32.dll!send 71A5428A 5 Bytes JMP 00817250 .text C:\WINDOWS\System32\alg.exe[1120] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 008120A0 .text C:\WINDOWS\System32\alg.exe[1120] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 008123A0 .text 
C:\WINDOWS\System32\alg.exe[1120] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00812160 .text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A06390 .text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A06640 .text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00A053D0 .text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A05300 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A011C0 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A01290 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00A02510 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00A010A0 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00A01000 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00A02570 .text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A01D10 .text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A07250 .text C:\WINDOWS\system32\svchost.exe[1184] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00A020A0 .text C:\WINDOWS\system32\svchost.exe[1184] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00A023A0 .text C:\WINDOWS\system32\svchost.exe[1184] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00A02160 .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 028F6390 .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 028F6640 .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 028F53D0 .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 028F5300 .text 
C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 028F11C0 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 028F1290 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 028F2510 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 028F10A0 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 028F1000 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 028F2570 .text C:\WINDOWS\System32\svchost.exe[1224] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 028F1D10 .text C:\WINDOWS\System32\svchost.exe[1224] WS2_32.dll!send 71A5428A 5 Bytes JMP 028F7250 .text C:\WINDOWS\System32\svchost.exe[1224] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 028F20A0 .text C:\WINDOWS\System32\svchost.exe[1224] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 028F23A0 .text C:\WINDOWS\System32\svchost.exe[1224] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 028F2160 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 06206390 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 06206640 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 062053D0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 06205300 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 062011C0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 06201290 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 06202510 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 062010A0 .text 
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 06201000 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 06202570 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 06201D10 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] WS2_32.dll!send 71A5428A 5 Bytes JMP 06207250 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 062020A0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 062023A0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1264] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 06202160 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 011F6390 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011F6640 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 011F53D0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 011F5300 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011F11C0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 011F1290 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 011F2510 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 011F10A0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 011F1000 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 011F2570 .text C:\Program 
Files\Intel\Wireless\Bin\S24EvMon.exe[1328] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011F1D10 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] WS2_32.dll!send 71A5428A 5 Bytes JMP 011F7250 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 011F20A0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 011F23A0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1328] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 011F2160 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01696390 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01696640 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 016953D0 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01695300 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 016911C0 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01691290 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01692510 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 016910A0 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01691000 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01692570 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01691D10 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] WS2_32.dll!send 71A5428A 5 Bytes JMP 01697250 .text C:\Program 
Files\Intel\Wireless\Bin\WLKeeper.exe[1352] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 016920A0 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 016923A0 .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1352] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01692160 .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00796390 .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00796640 .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 007953D0 .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00795300 .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007911C0 .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00791290 .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00792510 .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 007910A0 .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00791000 .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00792570 .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00791D10 .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!send 71A5428A 5 Bytes JMP 00797250 .text C:\WINDOWS\system32\svchost.exe[1408] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 007920A0 .text C:\WINDOWS\system32\svchost.exe[1408] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 007923A0 .text C:\WINDOWS\system32\svchost.exe[1408] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00792160 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00156390 .text 
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156640 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001553D0 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00155300 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001511C0 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00151290 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00152510 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001510A0 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00151000 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00152570 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00151D10 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] WS2_32.dll!send 71A5428A 5 Bytes JMP 00157250 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 001520A0 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 001523A0 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00152160 .text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009D6390 .text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009D6640 .text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtResumeThread 7C90E45F 
5 Bytes JMP 009D53D0 .text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009D5300 .text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009D11C0 .text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 009D1290 .text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 009D2510 .text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 009D10A0 .text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 009D1000 .text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 009D2570 .text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009D1D10 .text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!send 71A5428A 5 Bytes JMP 009D7250 .text C:\WINDOWS\system32\svchost.exe[1504] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 009D20A0 .text C:\WINDOWS\system32\svchost.exe[1504] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 009D23A0 .text C:\WINDOWS\system32\svchost.exe[1504] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 009D2160 .text C:\WINDOWS\system32\wuauclt.exe[1620] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000B6390 .text C:\WINDOWS\system32\wuauclt.exe[1620] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000B6640 .text C:\WINDOWS\system32\wuauclt.exe[1620] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000B53D0 .text C:\WINDOWS\system32\wuauclt.exe[1620] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000B5300 .text C:\WINDOWS\system32\wuauclt.exe[1620] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000B11C0 .text C:\WINDOWS\system32\wuauclt.exe[1620] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 000B1290 .text C:\WINDOWS\system32\wuauclt.exe[1620] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 000B2510 .text C:\WINDOWS\system32\wuauclt.exe[1620] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 000B10A0 
.text C:\WINDOWS\system32\wuauclt.exe[1620] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 000B1000 .text C:\WINDOWS\system32\wuauclt.exe[1620] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 000B2570 .text C:\WINDOWS\system32\wuauclt.exe[1620] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000B1D10 .text C:\WINDOWS\system32\wuauclt.exe[1620] WS2_32.dll!send 71A5428A 5 Bytes JMP 000B7250 .text C:\WINDOWS\system32\wuauclt.exe[1620] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 000B20A0 .text C:\WINDOWS\system32\wuauclt.exe[1620] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 000B23A0 .text C:\WINDOWS\system32\wuauclt.exe[1620] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 000B2160 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009F6390 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009F6640 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 009F53D0 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009F5300 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009F11C0 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 009F1290 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 009F2510 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 009F10A0 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 009F1000 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 009F2570 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009F1D10 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] WS2_32.dll!send 71A5428A 5 Bytes JMP 009F7250 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 009F20A0 .text 
C:\WINDOWS\System32\WLTRYSVC.EXE[1656] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 009F23A0 .text C:\WINDOWS\System32\WLTRYSVC.EXE[1656] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 009F2160 .text C:\WINDOWS\System32\bcmwltry.exe[1668] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 011A6390 .text C:\WINDOWS\System32\bcmwltry.exe[1668] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011A6640 .text C:\WINDOWS\System32\bcmwltry.exe[1668] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 011A53D0 .text C:\WINDOWS\System32\bcmwltry.exe[1668] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 011A5300 .text C:\WINDOWS\System32\bcmwltry.exe[1668] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011A11C0 .text C:\WINDOWS\System32\bcmwltry.exe[1668] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 011A1290 .text C:\WINDOWS\System32\bcmwltry.exe[1668] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 011A2510 .text C:\WINDOWS\System32\bcmwltry.exe[1668] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 011A10A0 .text C:\WINDOWS\System32\bcmwltry.exe[1668] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 011A1000 .text C:\WINDOWS\System32\bcmwltry.exe[1668] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 011A2570 .text C:\WINDOWS\System32\bcmwltry.exe[1668] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 011A20A0 .text C:\WINDOWS\System32\bcmwltry.exe[1668] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 011A23A0 .text C:\WINDOWS\System32\bcmwltry.exe[1668] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 011A2160 .text C:\WINDOWS\System32\bcmwltry.exe[1668] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011A1D10 .text C:\WINDOWS\System32\bcmwltry.exe[1668] WS2_32.dll!send 71A5428A 5 Bytes JMP 011A7250 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00AF6390 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00AF6640 .text C:\Program Files\Alwil 
Software\Avast4\aswUpdSv.exe[1676] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00AF53D0 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00AF5300 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AF11C0 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00AF1290 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00AF2510 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00AF10A0 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00AF1000 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00AF2570 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00AF1D10 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] WS2_32.dll!send 71A5428A 5 Bytes JMP 00AF7250 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00AF20A0 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00AF23A0 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00AF2160 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 04646390 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 04646640 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 046453D0 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 04645300 .text 
C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 046411C0 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 04641290 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 04642510 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 046410A0 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 04641000 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 04642570 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 04641D10 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] WS2_32.dll!send 71A5428A 5 Bytes JMP 04647250 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 046420A0 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 046423A0 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1724] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 04642160 .text C:\WINDOWS\system32\spoolsv.exe[1936] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A36390 .text C:\WINDOWS\system32\spoolsv.exe[1936] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A36640 .text C:\WINDOWS\system32\spoolsv.exe[1936] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00A353D0 .text C:\WINDOWS\system32\spoolsv.exe[1936] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A35300 .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A311C0 .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A31290 .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00A32510 .text 
C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00A310A0 .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00A31000 .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00A32570 .text C:\WINDOWS\system32\spoolsv.exe[1936] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A31D10 .text C:\WINDOWS\system32\spoolsv.exe[1936] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A37250 .text C:\WINDOWS\system32\spoolsv.exe[1936] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00A320A0 .text C:\WINDOWS\system32\spoolsv.exe[1936] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00A323A0 .text C:\WINDOWS\system32\spoolsv.exe[1936] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00A32160 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D76390 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D76640 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00D753D0 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00D75300 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D711C0 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00D71290 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00D72510 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00D710A0 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00D71000 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] 
kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00D72570 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D71D10 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] WS2_32.dll!send 71A5428A 5 Bytes JMP 00D77250 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00D720A0 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00D723A0 .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1996] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00D72160 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00166390 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00166640 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001653D0 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00165300 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00161290 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00162510 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001610A0 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00161000 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00162570 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] wininet.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 001620A0 .text C:\Program 
Files\Skype\Plugin Manager\skypePM.exe[2020] wininet.dll!InternetWriteFile 771E7953 5 Bytes JMP 001623A0 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] wininet.dll!HttpSendRequestW 77201808 5 Bytes JMP 00162160 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] WS2_32.dll!send 71A5428A 5 Bytes JMP 00167250 .text C:\WINDOWS\Explorer.EXE[2084] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01B96390 .text C:\WINDOWS\Explorer.EXE[2084] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01B96640 .text C:\WINDOWS\Explorer.EXE[2084] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 01B953D0 .text C:\WINDOWS\Explorer.EXE[2084] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01B95300 .text C:\WINDOWS\Explorer.EXE[2084] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01B911C0 .text C:\WINDOWS\Explorer.EXE[2084] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01B91290 .text C:\WINDOWS\Explorer.EXE[2084] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01B92510 .text C:\WINDOWS\Explorer.EXE[2084] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 01B910A0 .text C:\WINDOWS\Explorer.EXE[2084] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01B91000 .text C:\WINDOWS\Explorer.EXE[2084] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01B92570 .text C:\WINDOWS\Explorer.EXE[2084] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 01B920A0 .text C:\WINDOWS\Explorer.EXE[2084] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 01B923A0 .text C:\WINDOWS\Explorer.EXE[2084] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01B92160 .text C:\WINDOWS\Explorer.EXE[2084] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01B91D10 .text C:\WINDOWS\Explorer.EXE[2084] WS2_32.dll!send 71A5428A 5 Bytes JMP 01B97250 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] 
ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 000A2160 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01666390 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01666640 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 016653D0 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01665300 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 016611C0 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] kernel32.dll!CreateFileW 
7C810976 5 Bytes JMP 01661290 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01662510 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 016610A0 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01661000 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01662570 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01661D10 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] WS2_32.dll!send 71A5428A 5 Bytes JMP 01667250 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 016620A0 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 016623A0 .text C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01662160 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01216390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01216640 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 012153D0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01215300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 012111C0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01211290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01212510 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 012110A0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01211000 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[2404] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01212570 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01211D10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] WS2_32.dll!send 71A5428A 5 Bytes JMP 01217250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 012120A0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 012123A0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01212160 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 015F6390 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 015F6640 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 015F53D0 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 015F5300 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 015F11C0 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 015F1290 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 015F2510 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 015F10A0 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 015F1000 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 015F2570 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 015F1D10 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] 
WS2_32.dll!send 71A5428A 5 Bytes JMP 015F7250 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 015F20A0 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 015F23A0 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 015F2160 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 06A16390 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 06A16640 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 06A153D0 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 06A15300 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 06A111C0 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 06A11290 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 06A12510 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 06A110A0 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 06A11000 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 06A12570 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 06A11D10 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] WS2_32.dll!send 71A5428A 5 Bytes JMP 06A17250 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 06A120A0 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] WININET.dll!InternetWriteFile 
771E7953 5 Bytes JMP 06A123A0 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 06A12160 .text C:\WINDOWS\system32\wscntfy.exe[2492] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00326390 .text C:\WINDOWS\system32\wscntfy.exe[2492] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00326640 .text C:\WINDOWS\system32\wscntfy.exe[2492] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 003253D0 .text C:\WINDOWS\system32\wscntfy.exe[2492] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00325300 .text C:\WINDOWS\system32\wscntfy.exe[2492] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003211C0 .text C:\WINDOWS\system32\wscntfy.exe[2492] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00321290 .text C:\WINDOWS\system32\wscntfy.exe[2492] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00322510 .text C:\WINDOWS\system32\wscntfy.exe[2492] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 003210A0 .text C:\WINDOWS\system32\wscntfy.exe[2492] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00321000 .text C:\WINDOWS\system32\wscntfy.exe[2492] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00322570 .text C:\WINDOWS\system32\wscntfy.exe[2492] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00321D10 .text C:\WINDOWS\system32\wscntfy.exe[2492] WS2_32.dll!send 71A5428A 5 Bytes JMP 00327250 .text C:\WINDOWS\system32\wscntfy.exe[2492] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 003220A0 .text C:\WINDOWS\system32\wscntfy.exe[2492] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 003223A0 .text C:\WINDOWS\system32\wscntfy.exe[2492] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00322160 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00536390 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00536640 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 005353D0 .text 
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00535300 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 005311C0 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00531290 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00532510 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 005310A0 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00531000 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00532570 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00531D10 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] WS2_32.dll!send 71A5428A 5 Bytes JMP 00537250 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 005320A0 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 005323A0 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00532160 .text C:\WINDOWS\system32\WLTRAY.exe[2548] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00306390 .text C:\WINDOWS\system32\WLTRAY.exe[2548] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00306640 .text C:\WINDOWS\system32\WLTRAY.exe[2548] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 003053D0 .text C:\WINDOWS\system32\WLTRAY.exe[2548] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00305300 .text C:\WINDOWS\system32\WLTRAY.exe[2548] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003011C0 .text C:\WINDOWS\system32\WLTRAY.exe[2548] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00301290 .text C:\WINDOWS\system32\WLTRAY.exe[2548] 
kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00302510 .text C:\WINDOWS\system32\WLTRAY.exe[2548] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 003010A0 .text C:\WINDOWS\system32\WLTRAY.exe[2548] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00301000 .text C:\WINDOWS\system32\WLTRAY.exe[2548] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00302570 .text C:\WINDOWS\system32\WLTRAY.exe[2548] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00301D10 .text C:\WINDOWS\system32\WLTRAY.exe[2548] WS2_32.dll!send 71A5428A 3 Bytes JMP 00307250 .text C:\WINDOWS\system32\WLTRAY.exe[2548] WS2_32.dll!send + 4 71A5428E 1 Byte [8E] .text C:\WINDOWS\system32\WLTRAY.exe[2548] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 003020A0 .text C:\WINDOWS\system32\WLTRAY.exe[2548] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 003023A0 .text C:\WINDOWS\system32\WLTRAY.exe[2548] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00302160 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01536390 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01536640 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 015353D0 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01535300 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 015311C0 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01531290 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01532510 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 015310A0 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01531000 .text C:\Program 
Files\Acer\OrbiCam\CameraAssistant.exe[2564] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01532570 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01531D10 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] WS2_32.dll!send 71A5428A 5 Bytes JMP 01537250 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 015320A0 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 015323A0 .text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01532160 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01136390 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01136640 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 011353D0 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01135300 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011311C0 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01131290 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01132510 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 011310A0 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01131000 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01132570 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01131D10 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] WS2_32.dll!send 71A5428A 5 Bytes JMP 01137250 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 011320A0 .text 
C:\WINDOWS\system32\ElkCtrl.exe[2612] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 011323A0 .text C:\WINDOWS\system32\ElkCtrl.exe[2612] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01132160 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 002E6390 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 002E6640 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 002E53D0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 002E5300 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 002E11C0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 002E1290 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 002E2510 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 002E10A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 002E1000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 002E2570 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 002E20A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 002E23A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 002E2160 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 002E1D10 .text C:\Program 
Files\Common Files\Java\Java Update\jusched.exe[2636] WS2_32.dll!send 71A5428A 5 Bytes JMP 002E7250 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DA6390 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DA6640 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00DA53D0 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00DA5300 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DA11C0 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00DA1290 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00DA2510 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00DA10A0 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00DA1000 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00DA2570 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00DA1D10 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] WS2_32.dll!send 71A5428A 5 Bytes JMP 00DA7250 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00DA20A0 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00DA23A0 .text C:\Program Files\Ahead\InCD\InCD.exe[2684] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00DA2160 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 012A6390 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 012A6640 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 012A53D0 .text 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 012A5300 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 012A11C0 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 012A1290 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 012A2510 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 012A10A0 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 012A1000 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 012A2570 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 012A1D10 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] WS2_32.dll!send 71A5428A 5 Bytes JMP 012A7250 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 012A20A0 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 012A23A0 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 012A2160 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00FA6390 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00FA6640 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00FA53D0 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00FA5300 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 
00FA11C0 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00FA1290 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00FA2510 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00FA10A0 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00FA1000 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00FA2570 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00FA1D10 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] WS2_32.dll!send 71A5428A 5 Bytes JMP 00FA7250 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00FA20A0 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00FA23A0 .text C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00FA2160 .text C:\WINDOWS\system32\igfxtray.exe[2740] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01006390 .text C:\WINDOWS\system32\igfxtray.exe[2740] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01006640 .text C:\WINDOWS\system32\igfxtray.exe[2740] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 010053D0 .text C:\WINDOWS\system32\igfxtray.exe[2740] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01005300 .text C:\WINDOWS\system32\igfxtray.exe[2740] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 010011C0 .text 
C:\WINDOWS\system32\igfxtray.exe[2740] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01001290 .text C:\WINDOWS\system32\igfxtray.exe[2740] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01002510 .text C:\WINDOWS\system32\igfxtray.exe[2740] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 010010A0 .text C:\WINDOWS\system32\igfxtray.exe[2740] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01001000 .text C:\WINDOWS\system32\igfxtray.exe[2740] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01002570 .text C:\WINDOWS\system32\igfxtray.exe[2740] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01001D10 .text C:\WINDOWS\system32\igfxtray.exe[2740] WS2_32.dll!send 71A5428A 5 Bytes JMP 01007250 .text C:\WINDOWS\system32\igfxtray.exe[2740] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 010020A0 .text C:\WINDOWS\system32\igfxtray.exe[2740] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 010023A0 .text C:\WINDOWS\system32\igfxtray.exe[2740] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01002160 .text C:\WINDOWS\system32\hkcmd.exe[2752] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E56390 .text C:\WINDOWS\system32\hkcmd.exe[2752] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E56640 .text C:\WINDOWS\system32\hkcmd.exe[2752] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00E553D0 .text C:\WINDOWS\system32\hkcmd.exe[2752] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00E55300 .text C:\WINDOWS\system32\hkcmd.exe[2752] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E511C0 .text C:\WINDOWS\system32\hkcmd.exe[2752] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00E51290 .text C:\WINDOWS\system32\hkcmd.exe[2752] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00E52510 .text C:\WINDOWS\system32\hkcmd.exe[2752] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00E510A0 .text C:\WINDOWS\system32\hkcmd.exe[2752] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00E51000 .text C:\WINDOWS\system32\hkcmd.exe[2752] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00E52570 .text C:\WINDOWS\system32\hkcmd.exe[2752] 
WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E51D10 .text C:\WINDOWS\system32\hkcmd.exe[2752] WS2_32.dll!send 71A5428A 5 Bytes JMP 00E57250 .text C:\WINDOWS\system32\hkcmd.exe[2752] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00E520A0 .text C:\WINDOWS\system32\hkcmd.exe[2752] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00E523A0 .text C:\WINDOWS\system32\hkcmd.exe[2752] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00E52160 .text C:\WINDOWS\system32\igfxpers.exe[2780] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DD6390 .text C:\WINDOWS\system32\igfxpers.exe[2780] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DD6640 .text C:\WINDOWS\system32\igfxpers.exe[2780] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00DD53D0 .text C:\WINDOWS\system32\igfxpers.exe[2780] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00DD5300 .text C:\WINDOWS\system32\igfxpers.exe[2780] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DD11C0 .text C:\WINDOWS\system32\igfxpers.exe[2780] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00DD1290 .text C:\WINDOWS\system32\igfxpers.exe[2780] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00DD2510 .text C:\WINDOWS\system32\igfxpers.exe[2780] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00DD10A0 .text C:\WINDOWS\system32\igfxpers.exe[2780] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00DD1000 .text C:\WINDOWS\system32\igfxpers.exe[2780] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00DD2570 .text C:\WINDOWS\system32\igfxpers.exe[2780] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00DD1D10 .text C:\WINDOWS\system32\igfxpers.exe[2780] WS2_32.dll!send 71A5428A 5 Bytes JMP 00DD7250 .text C:\WINDOWS\system32\igfxpers.exe[2780] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00DD20A0 .text C:\WINDOWS\system32\igfxpers.exe[2780] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00DD23A0 .text C:\WINDOWS\system32\igfxpers.exe[2780] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00DD2160 .text C:\WINDOWS\RTHDCPL.EXE[2792] 
ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 026D6390 .text C:\WINDOWS\RTHDCPL.EXE[2792] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 026D6640 .text C:\WINDOWS\RTHDCPL.EXE[2792] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 026D53D0 .text C:\WINDOWS\RTHDCPL.EXE[2792] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 026D5300 .text C:\WINDOWS\RTHDCPL.EXE[2792] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 026D11C0 .text C:\WINDOWS\RTHDCPL.EXE[2792] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 026D1290 .text C:\WINDOWS\RTHDCPL.EXE[2792] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 026D2510 .text C:\WINDOWS\RTHDCPL.EXE[2792] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 026D10A0 .text C:\WINDOWS\RTHDCPL.EXE[2792] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 026D1000 .text C:\WINDOWS\RTHDCPL.EXE[2792] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 026D2570 .text C:\WINDOWS\RTHDCPL.EXE[2792] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 026D1D10 .text C:\WINDOWS\RTHDCPL.EXE[2792] WS2_32.dll!send 71A5428A 5 Bytes JMP 026D7250 .text C:\WINDOWS\RTHDCPL.EXE[2792] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 026D20A0 .text C:\WINDOWS\RTHDCPL.EXE[2792] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 026D23A0 .text C:\WINDOWS\RTHDCPL.EXE[2792] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 026D2160 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00166390 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00166640 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001653D0 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00165300 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] 
kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00161290 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00162510 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001610A0 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00161000 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00162570 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] WS2_32.dll!send 71A5428A 5 Bytes JMP 00167250 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 001620A0 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 001623A0 .text C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00162160 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01506390 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01506640 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 015053D0 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01505300 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 015011C0 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01501290 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01502510 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 015010A0 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] kernel32.dll!CopyFileA 
7C830053 5 Bytes JMP 01501000 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01502570 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01501D10 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] WS2_32.dll!send 71A5428A 5 Bytes JMP 01507250 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 015020A0 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 015023A0 .text C:\WINDOWS\system32\LVCOMSX.EXE[2840] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01502160 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 004E6390 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 004E6640 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 004E53D0 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004E5300 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 004E11C0 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 004E1290 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 004E2510 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 004E10A0 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 004E1000 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 004E2570 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 004E1D10 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] WS2_32.dll!send 71A5428A 5 Bytes JMP 004E7250 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 004E20A0 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] WININET.dll!InternetWriteFile 
771E7953 5 Bytes JMP 004E23A0 .text C:\WINDOWS\system32\igfxsrvc.exe[3036] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 004E2160 .text C:\WINDOWS\system32\ctfmon.exe[3060] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A56390 .text C:\WINDOWS\system32\ctfmon.exe[3060] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A56640 .text C:\WINDOWS\system32\ctfmon.exe[3060] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00A553D0 .text C:\WINDOWS\system32\ctfmon.exe[3060] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A55300 .text C:\WINDOWS\system32\ctfmon.exe[3060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A511C0 .text C:\WINDOWS\system32\ctfmon.exe[3060] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A51290 .text C:\WINDOWS\system32\ctfmon.exe[3060] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00A52510 .text C:\WINDOWS\system32\ctfmon.exe[3060] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00A510A0 .text C:\WINDOWS\system32\ctfmon.exe[3060] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00A51000 .text C:\WINDOWS\system32\ctfmon.exe[3060] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00A52570 .text C:\WINDOWS\system32\ctfmon.exe[3060] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A51D10 .text C:\WINDOWS\system32\ctfmon.exe[3060] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A57250 .text C:\WINDOWS\system32\ctfmon.exe[3060] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00A520A0 .text C:\WINDOWS\system32\ctfmon.exe[3060] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00A523A0 .text C:\WINDOWS\system32\ctfmon.exe[3060] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00A52160 .text C:\Program Files\Skype\Phone\Skype.exe[3136] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 029F6390 .text C:\Program Files\Skype\Phone\Skype.exe[3136] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 029F6640 .text C:\Program Files\Skype\Phone\Skype.exe[3136] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 029F53D0 .text C:\Program Files\Skype\Phone\Skype.exe[3136] 
ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 029F5300 .text C:\Program Files\Skype\Phone\Skype.exe[3136] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 029F11C0 .text C:\Program Files\Skype\Phone\Skype.exe[3136] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 029F1290 .text C:\Program Files\Skype\Phone\Skype.exe[3136] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 029F2510 .text C:\Program Files\Skype\Phone\Skype.exe[3136] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 029F10A0 .text C:\Program Files\Skype\Phone\Skype.exe[3136] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 029F1000 .text C:\Program Files\Skype\Phone\Skype.exe[3136] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 029F2570 .text C:\Program Files\Skype\Phone\Skype.exe[3136] wininet.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 029F20A0 .text C:\Program Files\Skype\Phone\Skype.exe[3136] wininet.dll!InternetWriteFile 771E7953 5 Bytes JMP 029F23A0 .text C:\Program Files\Skype\Phone\Skype.exe[3136] wininet.dll!HttpSendRequestW 77201808 5 Bytes JMP 029F2160 .text C:\Program Files\Skype\Phone\Skype.exe[3136] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 029F1D10 .text C:\Program Files\Skype\Phone\Skype.exe[3136] WS2_32.dll!send 71A5428A 5 Bytes JMP 029F7250 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01086390 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01086640 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 010853D0 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01085300 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 010811C0 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] 
kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01081290 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01082510 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 010810A0 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01081000 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01082570 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01081D10 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] WS2_32.dll!send 71A5428A 5 Bytes JMP 01087250 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 010820A0 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 010823A0 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01082160 .text C:\WINDOWS\system32\igfxext.exe[3456] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E06390 .text C:\WINDOWS\system32\igfxext.exe[3456] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E06640 .text C:\WINDOWS\system32\igfxext.exe[3456] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00E053D0 .text C:\WINDOWS\system32\igfxext.exe[3456] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00E05300 .text C:\WINDOWS\system32\igfxext.exe[3456] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E011C0 .text C:\WINDOWS\system32\igfxext.exe[3456] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00E01290 .text C:\WINDOWS\system32\igfxext.exe[3456] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00E02510 
.text C:\WINDOWS\system32\igfxext.exe[3456] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00E010A0 .text C:\WINDOWS\system32\igfxext.exe[3456] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00E01000 .text C:\WINDOWS\system32\igfxext.exe[3456] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00E02570 .text C:\WINDOWS\system32\igfxext.exe[3456] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E01D10 .text C:\WINDOWS\system32\igfxext.exe[3456] WS2_32.dll!send 71A5428A 5 Bytes JMP 00E07250 .text C:\WINDOWS\system32\igfxext.exe[3456] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00E020A0 .text C:\WINDOWS\system32\igfxext.exe[3456] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00E023A0 .text C:\WINDOWS\system32\igfxext.exe[3456] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00E02160 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00156390 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156640 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001553D0 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00155300 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001511C0 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00151290 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00152510 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001510A0 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00151000 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00152570 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] WS2_32.dll!GetAddrInfoW 
71A52899 5 Bytes JMP 00151D10 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] WS2_32.dll!send 71A5428A 5 Bytes JMP 00157250 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 001520A0 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 001523A0 .text C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00152160 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 000A23A0 .text 
C:\WINDOWS\system32\wbem\wmiprvse.exe[4048] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 000A2160 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[2020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT 
C:\WINDOWS\Explorer.EXE[2084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\Explorer.EXE[2084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\Explorer.EXE[2084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\Explorer.EXE[2084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D32E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D32C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D32C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\PROGRA~1\LAUNCH~1\LManager.exe[2300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D32C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] @ C:\WINDOWS\system32\kernel32.dll 
[ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program 
Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\wscntfy.exe[2492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\wscntfy.exe[2492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\wscntfy.exe[2492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\wscntfy.exe[2492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program 
Files\Intel\Wireless\Bin\EOUWiz.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\WLTRAY.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\WLTRAY.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\WLTRAY.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\WLTRAY.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT 
C:\WINDOWS\system32\ElkCtrl.exe[2612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\ElkCtrl.exe[2612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\ElkCtrl.exe[2612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\ElkCtrl.exe[2612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Ahead\InCD\InCD.exe[2684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) 
IAT C:\Program Files\Ahead\InCD\InCD.exe[2684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Ahead\InCD\InCD.exe[2684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Ahead\InCD\InCD.exe[2684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common 
Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Documents and Settings\stefan\Pulpit\Malwarebytes' Anti-Malware\mbamgui.exe[2716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxtray.exe[2740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A02E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxtray.exe[2740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A02C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxtray.exe[2740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A02C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxtray.exe[2740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A02C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\hkcmd.exe[2752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\hkcmd.exe[2752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\hkcmd.exe[2752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C30] C:\Program Files\Common 
Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\hkcmd.exe[2752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxpers.exe[2780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxpers.exe[2780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxpers.exe[2780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxpers.exe[2780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\RTHDCPL.EXE[2792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\RTHDCPL.EXE[2792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\RTHDCPL.EXE[2792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\RTHDCPL.EXE[2792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] @ 
C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Documents and Settings\stefan\Pulpit\gyhq2rgz.exe[2820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\LVCOMSX.EXE[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\LVCOMSX.EXE[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\LVCOMSX.EXE[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\LVCOMSX.EXE[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxsrvc.exe[3036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxsrvc.exe[3036] @ C:\WINDOWS\system32\kernel32.dll 
[ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxsrvc.exe[3036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxsrvc.exe[3036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\ctfmon.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\ctfmon.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\ctfmon.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\ctfmon.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Skype\Phone\Skype.exe[3136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Skype\Phone\Skype.exe[3136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Skype\Phone\Skype.exe[3136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common 
Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Skype\Phone\Skype.exe[3136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B52C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxext.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxext.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxext.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech) IAT C:\WINDOWS\system32\igfxext.exe[3456] @ C:\WINDOWS\system32\kernel32.dll 
[ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\DOCUME~1\stefan\USTAWI~1\Temp\RtkBtMnt.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Udfs \UdfsCdRom BsUDF.SYS (UDF File System Driver (WindowsXP)/ahead software)
Device \FileSystem\Udfs \UdfsDisk BsUDF.SYS (UDF File System Driver (WindowsXP)/ahead software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \FileSystem\Cdfs \Cdfs BsUDF.SYS (UDF File System Driver (WindowsXP)/ahead software)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Najkjx C:\Documents and Settings\stefan\Dane aplikacji\Najkjx.exe
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\stefan\Dane aplikacji\Najkjx.exe Najkjx

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\stefan\Dane aplikacji\Najkjx.exe 145997 bytes executable
File C:\WINDOWS\pchealth\helpctr\System\errors\badurl.htm 1664 bytes
File C:\WINDOWS\pchealth\helpctr\System\errors\connection.htm 19146 bytes
File C:\WINDOWS\pchealth\helpctr\System\errors\indexfirstlevel.htm 1685 bytes
File C:\WINDOWS\pchealth\helpctr\System\errors\notfound.htm 2014 bytes
File C:\WINDOWS\pchealth\helpctr\System\errors\offline.htm 775 bytes
File C:\WINDOWS\pchealth\helpctr\System\errors\redirect.htm 1749 bytes
File C:\WINDOWS\pchealth\helpctr\System\errors\unreachable.htm 1708 bytes
File C:\WINDOWS\pchealth\helpctr\System\images\16x16 0 bytes
File C:\WINDOWS\pchealth\helpctr\System\images\16x16\arrow_blue_normal_shadow.bmp 2358 bytes
File C:\WINDOWS\pchealth\helpctr\System\images\16x16\arrow_green_normal_shadow.bmp 2358 bytes
File C:\WINDOWS\pchealth\helpctr\System\images\16x16\compat.bmp 1078 bytes
File C:\WINDOWS\pchealth\helpctr\System\images\16x16\errmsg.bmp 1078 bytes
File C:\WINDOWS\pchealth\helpctr\System\images\16x16\support.bmp 1078 bytes
File C:\WINDOWS\pchealth\helpctr\System\images\16x16\tools.bmp 1078 bytes
File C:\WINDOWS\pchealth\helpctr\System\images\16x16\update.bmp 1078 bytes
File C:\WINDOWS\pchealth\helpctr\System\images\16x16\warning.gif 600 bytes
File C:\WINDOWS\pchealth\helpctr\System\images\24x24 0 bytes
File C:\WINDOWS\pchealth\helpctr\System\images\24x24\arrow_green_mousedown.bmp 2358 bytes
File C:\WINDOWS\pchealth\helpctr\System\images\24x24\arrow_green_mouseover.bmp 2358 bytes
File 
C:\WINDOWS\pchealth\helpctr\System\images\24x24\arrow_green_normal.bmp 2358 bytes File C:\WINDOWS\pchealth\helpctr\System\images\32x32 0 bytes File C:\WINDOWS\pchealth\helpctr\System\images\32x32\logo.bmp 2358 bytes File C:\WINDOWS\pchealth\helpctr\System\images\48x48 0 bytes File C:\WINDOWS\pchealth\helpctr\System\images\48x48\desktop_icon_01.bmp 9270 bytes File C:\WINDOWS\pchealth\helpctr\System\images\48x48\desktop_icon_02.bmp 9270 bytes File C:\WINDOWS\pchealth\helpctr\System\images\48x48\desktop_icon_03.bmp 9270 bytes File C:\WINDOWS\pchealth\helpctr\System\images\48x48\desktop_icon_04.bmp 9270 bytes File C:\WINDOWS\pchealth\helpctr\System\images\48x48\desktop_icon_generic.bmp 9270 bytes File C:\WINDOWS\pchealth\helpctr\System\images\Centers 0 bytes File C:\WINDOWS\pchealth\helpctr\System\images\Centers\blue_arrow.gif 674 bytes File C:\WINDOWS\pchealth\helpctr\System\images\Centers\Connect.gif 1383 bytes File C:\WINDOWS\pchealth\helpctr\System\images\Centers\IULogo.gif 1839 bytes File C:\WINDOWS\pchealth\helpctr\System\images\Centers\Uabrand.gif 1525 bytes File C:\WINDOWS\pchealth\helpctr\System\images\error.gif 1557 bytes File C:\WINDOWS\pchealth\helpctr\System\images\Expando 0 bytes File C:\WINDOWS\pchealth\helpctr\System\images\Expando\collapsed.gif 139 bytes File C:\WINDOWS\pchealth\helpctr\System\images\Expando\endnode.gif 136 bytes File C:\WINDOWS\pchealth\helpctr\System\images\Expando\expanded.gif 135 bytes File C:\WINDOWS\pchealth\helpctr\System\images\Expando\helpdoc.gif 207 bytes File C:\WINDOWS\pchealth\helpctr\System\images\feedback.gif 895 bytes File C:\WINDOWS\pchealth\helpctr\System\images\flyout_arrow.gif 70 bytes File C:\WINDOWS\pchealth\helpctr\System\images\get_conn.gif 1383 bytes File C:\WINDOWS\pchealth\helpctr\System\images\icon_articles_12x.bmp 630 bytes File C:\WINDOWS\pchealth\helpctr\System\images\icon_blank_12x.bmp 630 bytes File C:\WINDOWS\pchealth\helpctr\System\images\icon_newwindow_12x.bmp 630 bytes File 
C:\WINDOWS\pchealth\helpctr\System\images\icon_onlineinline_12x.bmp 630 bytes File C:\WINDOWS\pchealth\helpctr\System\images\icon_tours_12x.bmp 630 bytes File C:\WINDOWS\pchealth\helpctr\System\images\icon_tutorials_12x.bmp 630 bytes File C:\WINDOWS\pchealth\helpctr\System\images\info.gif 1521 bytes File C:\WINDOWS\pchealth\helpctr\System\images\progbar.gif 2801 bytes File C:\WINDOWS\pchealth\helpctr\System\images\warning.gif 1466 bytes File C:\WINDOWS\pchealth\helpctr\System\images\wrapperhelp.gif 76 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\AdvSearch.htm 19600 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm 608 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\Context.htm 9219 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\firstpage.htm 714 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\HHWrapper.htm 713 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\MiniNavBar.htm 4813 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\MiniNavBar.xml 2020 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\NavBar.htm 20902 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\NavBar.xml 2621 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\Options.htm 4487 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\RemoteHelp.htm 43484 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\ShareHelp.htm 4744 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\subpanels 0 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\Channels.htm 8531 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\Favorites.htm 8534 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\History.htm 5371 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\Index.htm 2912 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\Options.htm 3474 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\Search.htm 37581 bytes File C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\Subsite.htm 6520 bytes File 
C:\WINDOWS\pchealth\helpctr\System\panels\Topics.htm 5543 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common 0 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\common.js 5240 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\ConnIssue.htm 5457 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\constants.js 2169 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\icon_information_32x.gif 234 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\icon_warning_32x.gif 219 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\LearnInternet.htm 1634 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\RAHelp.htm 2322 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\RCMoreInfo.htm 2870 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Css 0 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Css\RAChat.css 1369 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Css\rc.css 2442 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Css\rcbuddy.css 1308 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\ding.wav 80856 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\helpeeaccept.htm 3951 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction 0 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client 0 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\Animation.gif 4756 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\combobox_line.gif 59 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\connected.gif 1094 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\DividerBar.gif 1024 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote 
Assistance\Interaction\Client\DividerBar.htm 343 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\DownArrow.gif 838 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAChatClient.htm 9020 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAClient.htm 45535 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAClient.js 11154 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAStatusBar.htm 7164 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAToolBar.htm 11198 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAToolBar.xml 3204 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\rcscreen6_head.htm 1296 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\rctoolScreen1.htm 2493 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\setting.htm 6577 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\TakeControl.bmp 3898 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\TakeControl.gif 861 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\UpArrow.gif 834 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common 0 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\attentioninteraction.gif 690 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\ErrorMsgs.htm 2083 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\HelpCenter.bmp 3898 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\HelpCenter.gif 845 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\hide-chat.gif 379 bytes 
File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\info.gif 227 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Options.bmp 3898 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Options.gif 713 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Quit.bmp 3898 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Quit.gif 750 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\RAControl.js 15781 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\RCFileXfer.htm 30877 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendChat.gif 1041 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendFile.bmp 3898 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendFile.gif 694 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendVoice.bmp 3898 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendVoice.gif 692 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendVoiceOn.gif 994 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\show-chat.gif 380 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\voicefirewallmsg.htm 3265 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\VOIPMsgs.htm 2340 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server 0 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\DividerBar1.htm 338 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\DividerBar2.htm 350 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\ESC_key.gif 2818 
bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\Helpee_line.gif 75 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\RAChatServer.htm 8137 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\RAServer.htm 21148 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\RAServer.js 5147 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\RAServerToolBar.htm 14593 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\SettingServer.htm 4813 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\StopControl.bmp 3898 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\StopControl.gif 640 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm 3264 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\RAClientLayout.xml 530 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\RAHelpeeAcceptLayout.xml 656 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\RAIMLayout.xml 579 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\RAStartPage.htm 3488 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\RAURA.xml 561 bytes File C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\rcBuddy.htm 6097 bytes File C:\WINDOWS\pchealth\helpctr\System\scripts\Common.js 3159 bytes File C:\WINDOWS\pchealth\helpctr\System\scripts\HomePage__DESKTOP.js 3445 bytes File C:\WINDOWS\pchealth\helpctr\System\scripts\HomePage__SERVER.js 8844 bytes File C:\WINDOWS\pchealth\helpctr\System\scripts\HomePage__SHARED.js 4688 bytes File C:\WINDOWS\pchealth\helpctr\System\scripts\wrapperparam.js 2954 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\commonFunc.js 32141 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics 0 bytes File 
C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie 0 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\0_chart.gif 734 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\100_chart.gif 741 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\10_chart.gif 784 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\15_chart.gif 778 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\20_chart.gif 775 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\25_chart.gif 781 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\30_chart.gif 782 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\35_chart.gif 793 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\40_chart.gif 789 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\45_chart.gif 785 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\50_chart.gif 762 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\55_chart.gif 777 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\5_chart.gif 773 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\60_chart.gif 789 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\65_chart.gif 1199 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\70_chart.gif 1190 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\75_chart.gif 1194 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\80_chart.gif 1196 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\85_chart.gif 1190 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\90_chart.gif 1196 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\95_chart.gif 1207 bytes File 
C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie 0 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\0_chart.gif 1345 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\100_chart.gif 1358 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\10_chart.gif 1443 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\15_chart.gif 1435 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\20_chart.gif 1421 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\25_chart.gif 1423 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\30_chart.gif 1428 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\35_chart.gif 1441 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\40_chart.gif 1446 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\45_chart.gif 1446 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\50_chart.gif 1412 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\55_chart.gif 1430 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\5_chart.gif 1413 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\60_chart.gif 1446 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\65_chart.gif 1445 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\70_chart.gif 1435 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\75_chart.gif 1442 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\80_chart.gif 1447 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\85_chart.gif 1426 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\90_chart.gif 1442 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\95_chart.gif 1445 bytes File 
C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\alert.gif 118 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\BArrow.gif 674 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\card.gif 162 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\cd.gif 257 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\check.gif 145 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\chip.gif 102 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\down.bmp 1498 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\drive.gif 139 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\error.gif 107 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\floppy.gif 159 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\GArrow.gif 682 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\gears.gif 135 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\greendot.jpg 677 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\info.gif 99 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\monitor.gif 129 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\personalizing.gif 181 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\PieChart.gif 1135 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\PieGrey.gif 67 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\PieWhite.gif 67 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\printer.gif 136 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\r1_c1.gif 114 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\r1_c2.gif 107 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\r1_c3.gif 106 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\r3_c2.gif 107 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\spacer.gif 43 bytes File 
C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\system.gif 404 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\Untitled.gif 1135 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\up.bmp 1498 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\usb.gif 262 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\windows.gif 569 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\loc_strings.xml 27302 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\msinfo.htm 2501 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\msinfo.xml 374 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\msinfohss.css 582 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\RSoP.htm 56623 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\RSoP.js 57454 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysComponentInfo.htm 25129 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysComponentInfo.js 27910 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysConfigLaunch.htm 1401 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysDiskTS.htm 2620 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysEvtLogInfo.htm 10401 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysHealthInfo.htm 13635 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysHealthInfo.js 20083 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysInfoLaunch.htm 4215 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysinfomain.htm 4231 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysinfosum.htm 16177 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysRemoteInfo.htm 1944 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysServicesInfo.htm 10217 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysSoftwareInfo.htm 7927 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysSoftwareInfo.js 9506 bytes File C:\WINDOWS\pchealth\helpctr\System\sysinfo\wmi_data.js 14129 bytes File 
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common 0 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\common.js 5240 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm 5457 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\constants.js 2169 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\icon_information_32x.gif 234 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\icon_warning_32x.gif 219 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\LearnInternet.htm 1634 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RAHelp.htm 2322 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm 2870 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\confirm.htm 2878 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css 0 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\RAChat.css 1369 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\rc.css 2442 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\rcbuddy.css 1308 bytes File 
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation 0 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common 0 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\address_book.gif 102 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\arrow.gif 1074 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\attention.gif 690 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy.gif 387 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_attention.gif 608 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_away.gif 382 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_busy.gif 373 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_none.gif 910 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_offline.gif 384 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\Envelope.gif 111 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\floppy.gif 159 bytes File 
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\generic_mail.gif 1047 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\icon_extweb.gif 321 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\IM_icon.gif 139 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\info.gif 227 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\logon_anim.gif 3169 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\messenger_big.gif 1473 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\monitor_left.gif 7066 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\monitor_right.gif 8509 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\outlook.gif 180 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\outlook_express.gif 410 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcConnection.htm 3342 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen1.htm 2626 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote 
Assistance\Escalation\Common\rcscreen2.htm 4468 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen3.htm 321 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\Remote_Assistance_Graphic.png 53542 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\square_bullet.gif 51 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email 0 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\check.gif 137 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\escalationhelp.htm 3497 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\help.gif 254 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcDetails.htm 4818 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcInviteStatus.htm 5278 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen4.htm 4400 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen5.htm 14757 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm 30690 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft 
Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6_head.htm 1296 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm 8158 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen8.htm 7646 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen9.htm 8439 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreenshot3.gif 14603 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\ShieldsUpMsg.htm 3317 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited 0 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\UnSolicitedRCUI.htm 13525 bytes File C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm 16209 bytes File C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf 68762 bytes File C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-013EA364.pf 29092 bytes File C:\WINDOWS\Prefetch\ALLPLAYER.EXE-235B31AA.pf 53498 bytes File C:\WINDOWS\Prefetch\AT.EXE-2770DD18.pf 14028 bytes File C:\WINDOWS\Prefetch\MBAM.EXE-16C14AF6.pf 83022 bytes File C:\WINDOWS\Prefetch\MBRCHECK.EXE-218B5A53.pf 11528 bytes File C:\WINDOWS\Prefetch\MBRCHECK.EXE-2C0C2BF7.pf 11518 bytes File C:\WINDOWS\Prefetch\MPNOTIFY.EXE-3631A846.pf 19438 bytes File C:\WINDOWS\Prefetch\MSI4.TMP-24BABF27.pf 10644 bytes File C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf 74538 bytes File C:\WINDOWS\Prefetch\MSOHELP.EXE-17935AFC.pf 41742 
bytes File C:\WINDOWS\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf 32044 bytes File C:\WINDOWS\Prefetch\GREP.CFXXE-005CE245.pf 9710 bytes File C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf 12682 bytes File C:\WINDOWS\Prefetch\GSAR.CFXXE-064C1B3A.pf 9752 bytes File C:\WINDOWS\Prefetch\GYHQ2RGZ.EXE-05B05DEB.pf 27570 bytes File C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf 96302 bytes File C:\WINDOWS\Prefetch\HIDEC.EXE-3B166DB3.pf 11184 bytes File C:\WINDOWS\Prefetch\HP1006MC.EXE-1DFFDF4D.pf 60422 bytes File C:\WINDOWS\Prefetch\IEXPLORE.EXE-0A31FE70.pf 12770 bytes File C:\WINDOWS\Prefetch\IEXPLORE.EXE-12915967.pf 12002 bytes File C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf 96062 bytes File C:\WINDOWS\Prefetch\IFRMEWRK.EXE-0618C85D.pf 46306 bytes File C:\WINDOWS\Prefetch\IGFXEXT.EXE-20973E2B.pf 46672 bytes File C:\WINDOWS\Prefetch\IGFXSRVC.EXE-2FB63FE8.pf 19180 bytes File C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf 19354 bytes File C:\WINDOWS\Prefetch\SKYTEL.EXE-12751D3A.pf 13354 bytes File C:\WINDOWS\Prefetch\SOFTONICDOWNLOADER_FUER_KASPE-01C61AA6.pf 43690 bytes File C:\WINDOWS\Prefetch\SOFTONICDOWNLOADER_FUER_KASPE-24B9AAA2.pf 39668 bytes File C:\WINDOWS\Prefetch\SPIDER.EXE-2D998CA6.pf 19860 bytes File C:\WINDOWS\Prefetch\SVCHOST.EXE-2CF5F649.pf 11114 bytes File C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf 19998 bytes File C:\WINDOWS\Prefetch\SWREG.CFXXE-16776A8B.pf 12754 bytes File C:\WINDOWS\Prefetch\SWREG.EXE-0937BD77.pf 11986 bytes File C:\WINDOWS\Prefetch\SYNTPENH.EXE-315D3ABC.pf 14240 bytes File C:\WINDOWS\Prefetch\TDSSKILLER.EXE-0859EFD1.pf 21302 bytes File C:\WINDOWS\Prefetch\TDSSKILLER.EXE-125365A7.pf 20928 bytes File C:\WINDOWS\Prefetch\UNPACK200.EXE-37627EF0.pf 66136 bytes File C:\WINDOWS\Prefetch\USERINIT.EXE-0DF40C91.pf 11592 bytes File C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf 17362 bytes File C:\WINDOWS\Prefetch\RUNDLL32.EXE-1EE676D0.pf 16550 bytes File C:\WINDOWS\Prefetch\RUNDLL32.EXE-216CFE0B.pf 35502 bytes File 
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2341BBC5.pf 19444 bytes File C:\WINDOWS\Prefetch\RUNDLL32.EXE-35BF053A.pf 28114 bytes File C:\WINDOWS\Prefetch\RUNDLL32.EXE-35BF1C66.pf 15098 bytes File C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf 14690 bytes File C:\WINDOWS\Prefetch\RUNDLL32.EXE-4C890DB3.pf 18864 bytes File C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 16484 bytes File C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf 34582 bytes File C:\WINDOWS\Prefetch\AZMIXERSEL.EXE-0791FC40.pf 7816 bytes File C:\WINDOWS\Prefetch\CALC.EXE-02CD573A.pf 14304 bytes File C:\WINDOWS\Prefetch\CAMERAASSISTANT.EXE-0D24C542.pf 20354 bytes File C:\WINDOWS\Prefetch\CHCP.COM-18156052.pf 9848 bytes File C:\WINDOWS\Prefetch\CMD.CFXXE-12A6B182.pf 16960 bytes File C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf 17030 bytes File C:\WINDOWS\Prefetch\COMBOFIX.EXE-342AE3F6.pf 67376 bytes File C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf 19706 bytes File C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf 18632 bytes File C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf 56186 bytes File C:\WINDOWS\Prefetch\JAUREG.EXE-009F59AE.pf 13146 bytes File C:\WINDOWS\Prefetch\JAVA.EXE-1E21D4DA.pf 14152 bytes File C:\WINDOWS\Prefetch\JAVAW.EXE-021F87DA.pf 94078 bytes File C:\WINDOWS\Prefetch\JAVAW.EXE-23A5E92B.pf 29500 bytes File C:\WINDOWS\Prefetch\JAVAWS.EXE-1EEF33AA.pf 18070 bytes File C:\WINDOWS\Prefetch\JQS.EXE-21B69FF4.pf 39338 bytes File C:\WINDOWS\Prefetch\JRE-7U2-WINDOWS-I586.EXE-13BBE4CB.pf 55734 bytes File C:\WINDOWS\Prefetch\Layout.ini 310698 bytes File C:\WINDOWS\Prefetch\LMANAGER.EXE-119B7AAF.pf 20332 bytes File C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf 11838 bytes File C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf 17770 bytes File C:\WINDOWS\Prefetch\SED.CFXXE-384BB311.pf 10092 bytes File C:\WINDOWS\Prefetch\SETUP.EXE-21AAC7E3.pf 31488 bytes File C:\WINDOWS\Prefetch\SKYPE.EXE-30AE1A60.pf 47356 bytes File C:\WINDOWS\Prefetch\SKYPEPM.EXE-2BC7DD5C.pf 45818 bytes File C:\WINDOWS\Prefetch\RTKBTMNT.EXE-3A9A692C.pf 110182 bytes File 
C:\WINDOWS\Prefetch\WINWORD.EXE-37F6AE09.pf 93054 bytes File C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf 19368 bytes File C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf 52104 bytes File C:\WINDOWS\Prefetch\WMIC.EXE-3B772CC6.pf 37890 bytes File C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf 38250 bytes File C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf 4060 bytes File C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf 22550 bytes File C:\WINDOWS\Prefetch\ZCFGSVC.EXE-1A56EA85.pf 30272 bytes File C:\WINDOWS\Prefetch\N.PIF-1B75D06C.pf 17358 bytes File C:\WINDOWS\Prefetch\NAJKJX.EXE-37F26CE0.pf 27742 bytes File C:\WINDOWS\Prefetch\NIRCMD.CFXXE-351E2F5E.pf 11830 bytes File C:\WINDOWS\Prefetch\NIRCMDC.CFXXE-1A395113.pf 11512 bytes File C:\WINDOWS\Prefetch\NOTEPAD.EXE-189578DA.pf 17188 bytes File C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf 49722 bytes File C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf 1053370 bytes File C:\WINDOWS\Prefetch\OFFICEUPDATE.EXE-17C63500.pf 16816 bytes File C:\WINDOWS\Prefetch\OIS.EXE-33076924.pf 36922 bytes File C:\WINDOWS\Prefetch\OTL.EXE-02232719.pf 62118 bytes File C:\WINDOWS\Prefetch\PEV.CFXXE-3B65BD28.pf 11454 bytes File C:\WINDOWS\Prefetch\PEV.EXE-2937A365.pf 13996 bytes File C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf 20228 bytes File C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf 41598 bytes File C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf 61186 bytes File C:\WINDOWS\Prefetch\E621CA05.EXE-038295EC.pf 17928 bytes File C:\WINDOWS\Prefetch\E621CA05.EXE-2F032F58.pf 19280 bytes File C:\WINDOWS\Prefetch\E621CA05.EXE-36061171.pf 18394 bytes File C:\WINDOWS\Prefetch\EXCEL.EXE-13B3F319.pf 95594 bytes File C:\WINDOWS\Provisioning\Schemas\baseeapconnectionpropertiesv1.xdr 520 bytes File C:\WINDOWS\Provisioning\Schemas\baseeapuserpropertiesv1.xdr 580 bytes File C:\WINDOWS\Provisioning\Schemas\branding.xdr 1426 bytes File C:\WINDOWS\Provisioning\Schemas\eapconnectionpropertiesv1.xdr 689 bytes File C:\WINDOWS\Provisioning\Schemas\eapuserpropertiesv1.xdr 378 bytes File 
C:\WINDOWS\Provisioning\Schemas\flashconfig.xdr 4089 bytes File C:\WINDOWS\Provisioning\Schemas\flashconfigdevice.xdr 9924 bytes File C:\WINDOWS\Provisioning\Schemas\help.xdr 732 bytes File C:\WINDOWS\Provisioning\Schemas\locations.xdr 1721 bytes File C:\WINDOWS\Provisioning\Schemas\masterfile.xdr 2459 bytes File C:\WINDOWS\Provisioning\Schemas\mschapv2connectionpropertiesv1.xdr 395 bytes File C:\WINDOWS\Provisioning\Schemas\mschapv2userpropertiesv1.xdr 861 bytes File C:\WINDOWS\Provisioning\Schemas\mspeapconnectionpropertiesv1.xdr 1911 bytes File C:\WINDOWS\Provisioning\Schemas\mspeapuserpropertiesv1.xdr 698 bytes File C:\WINDOWS\Provisioning\Schemas\register.xdr 1032 bytes File C:\WINDOWS\Provisioning\Schemas\ssid.xdr 1673 bytes File C:\WINDOWS\Provisioning\Schemas\wirelessprofile.xdr 2036 bytes File C:\WINDOWS\Provisioning\Schemas\wizard.xdr 22405 bytes File C:\WINDOWS\SMSC\IRDA\V5_1_3600_5\delinf.exe 45790 bytes executable File C:\WINDOWS\SMSC\IRDA\V5_1_3600_5\install.exe 34848 bytes executable File C:\WINDOWS\SMSC\IRDA\V5_1_3600_5\irdasmc.cat 8692 bytes File C:\WINDOWS\SMSC\IRDA\V5_1_3600_5\IRDASMC.INF 23809 bytes File C:\WINDOWS\SMSC\IRDA\V5_1_3600_5\remove.exe 33790 bytes executable File C:\WINDOWS\SMSC\IRDA\V5_1_3600_5\smcirda.sys 46080 bytes executable File C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk 8192 bytes File C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log 131072 bytes File C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00004.log 131072 bytes File C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res1.log 131072 bytes File C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log 131072 bytes File C:\WINDOWS\srchasst\chars\courtney.acs 816535 bytes File C:\WINDOWS\srchasst\chars\earl.acs 1472718 bytes File C:\WINDOWS\srchasst\chars\rover.acs 1861820 bytes File C:\WINDOWS\srchasst\mui\0415 0 bytes File C:\WINDOWS\srchasst\mui\0415\balloon.xsl 34671 bytes File C:\WINDOWS\srchasst\mui\0415\bar.xsl 34643 bytes File 
C:\WINDOWS\srchasst\mui\0415\charchsr.xml 226 bytes File C:\WINDOWS\srchasst\mui\0415\charctxt.xml 496 bytes File C:\WINDOWS\srchasst\mui\0415\error.xml 100 bytes File C:\WINDOWS\srchasst\mui\0415\finish.xml 1079 bytes File C:\WINDOWS\srchasst\mui\0415\indxsvc.xml 1413 bytes File C:\WINDOWS\srchasst\mui\0415\inetfind.xml 804 bytes File C:\WINDOWS\srchasst\mui\0415\inetopts.xml 1495 bytes File C:\WINDOWS\srchasst\mui\0415\inetpref.xml 2890 bytes File C:\WINDOWS\srchasst\mui\0415\inetsrch.xml 1170 bytes File C:\WINDOWS\srchasst\mui\0415\intents.xml 618 bytes File C:\WINDOWS\srchasst\mui\0415\intro.xml 559 bytes File C:\WINDOWS\srchasst\mui\0415\lcladv.xml 5695 bytes File C:\WINDOWS\srchasst\mui\0415\lcladvd.xml 5658 bytes File C:\WINDOWS\srchasst\mui\0415\lcladvdf.xml 6007 bytes File C:\WINDOWS\srchasst\mui\0415\lcladvmm.xml 6815 bytes File C:\WINDOWS\srchasst\mui\0415\lclcomp.xml 785 bytes File C:\WINDOWS\srchasst\mui\0415\lcldate.xml 2014 bytes File C:\WINDOWS\srchasst\mui\0415\lcldocs.xml 2568 bytes File C:\WINDOWS\srchasst\mui\0415\lclkwrds.xml 465 bytes File C:\WINDOWS\srchasst\mui\0415\lcllook.xml 355 bytes File C:\WINDOWS\srchasst\mui\0415\lclmm.xml 2344 bytes File C:\WINDOWS\srchasst\mui\0415\lclmode.xml 595 bytes File C:\WINDOWS\srchasst\mui\0415\lclother.xml 648 bytes File C:\WINDOWS\srchasst\mui\0415\lclprog.xml 2066 bytes File C:\WINDOWS\srchasst\mui\0415\lclrfine.xml 6191 bytes File C:\WINDOWS\srchasst\mui\0415\lclsize.xml 1573 bytes File C:\WINDOWS\srchasst\mui\0415\lclsrch.xml 1259 bytes File C:\WINDOWS\srchasst\mui\0415\lcltechy.xml 640 bytes File C:\WINDOWS\Sun\Java 0 bytes File C:\WINDOWS\Sun\Java\Deployment 0 bytes File C:\WINDOWS\system32\icsxml\cmnicfg.xml 5854 bytes File C:\WINDOWS\system32\icsxml\ipcfg.xml 13437 bytes File C:\WINDOWS\system32\icsxml\osinfo.xml 766 bytes File C:\WINDOWS\system32\icsxml\potscfg.xml 2598 bytes File C:\WINDOWS\system32\icsxml\pppcfg.xml 14420 bytes File C:\WINDOWS\system32\oobe\migx25b.dun 627 bytes File 
C:\WINDOWS\system32\oobe\actsetup 0 bytes File C:\WINDOWS\system32\oobe\actsetup\actconn.htm 3348 bytes File C:\WINDOWS\system32\oobe\actsetup\actdone.htm 1944 bytes File C:\WINDOWS\system32\oobe\actsetup\activ.htm 5966 bytes File C:\WINDOWS\system32\oobe\actsetup\activerr.htm 2188 bytes File C:\WINDOWS\system32\oobe\actsetup\activsvc.htm 8464 bytes File C:\WINDOWS\system32\oobe\actsetup\actlan.htm 4254 bytes File C:\WINDOWS\system32\oobe\actsetup\adeskerr.htm 20065 bytes File C:\WINDOWS\system32\oobe\actsetup\adrdyreg.htm 4927 bytes File C:\WINDOWS\system32\oobe\actsetup\apolicy.htm 4120 bytes File C:\WINDOWS\system32\oobe\actsetup\aprvcyms.htm 3789 bytes File C:\WINDOWS\system32\oobe\actsetup\areg1.htm 4362 bytes File C:\WINDOWS\system32\oobe\actsetup\aregdial.htm 2266 bytes File C:\WINDOWS\system32\oobe\actsetup\aregdone.htm 1995 bytes File C:\WINDOWS\system32\oobe\actsetup\aregsty2.css 2286 bytes File C:\WINDOWS\system32\oobe\actsetup\aregstyl.css 2277 bytes File C:\WINDOWS\system32\oobe\actsetup\ausrinfo.htm 7264 bytes File C:\WINDOWS\system32\oobe\actshell.htm 89991 bytes File C:\WINDOWS\system32\oobe\agtcore.js 48410 bytes File C:\WINDOWS\system32\oobe\agtscrp2.js 3353 bytes File C:\WINDOWS\system32\oobe\agtscrpt.js 275163 bytes File C:\WINDOWS\system32\oobe\dialmgr.js 18989 bytes File C:\WINDOWS\system32\oobe\dslmain.js 17036 bytes File C:\WINDOWS\system32\oobe\dtsgnup.htm 42663 bytes File C:\WINDOWS\system32\oobe\error 0 bytes File C:\WINDOWS\system32\oobe\error\cnncterr.htm 3579 bytes File C:\WINDOWS\system32\oobe\error\dialtone.htm 3243 bytes File C:\WINDOWS\system32\oobe\error\hndshake.htm 2380 bytes File C:\WINDOWS\system32\oobe\error\isp2busy.htm 2265 bytes File C:\WINDOWS\system32\oobe\error\noanswer.htm 6609 bytes File C:\WINDOWS\system32\oobe\error\pberr.htm 2144 bytes File C:\WINDOWS\system32\oobe\error\pulse.htm 2836 bytes File C:\WINDOWS\system32\oobe\error\toobusy.htm 6387 bytes File C:\WINDOWS\system32\oobe\error.js 19638 bytes File 
C:\WINDOWS\system32\oobe\html 0 bytes File C:\WINDOWS\system32\oobe\html\dslmain 0 bytes File C:\WINDOWS\system32\oobe\html\dslmain\dslmain.htm 4708 bytes File C:\WINDOWS\system32\oobe\html\dslmain\dsl_a.htm 7842 bytes File C:\WINDOWS\system32\oobe\html\dslmain\dsl_b.htm 6593 bytes File C:\WINDOWS\system32\oobe\html\iconnect 0 bytes File C:\WINDOWS\system32\oobe\html\iconnect\icntlast.htm 3448 bytes File C:\WINDOWS\system32\oobe\html\iconnect\iconnect.htm 11319 bytes File C:\WINDOWS\system32\oobe\html\ispsgnup 0 bytes File C:\WINDOWS\system32\oobe\html\isptype 0 bytes File C:\WINDOWS\system32\oobe\html\isptype\isptype.htm 5275 bytes File C:\WINDOWS\system32\oobe\html\mouse 0 bytes File C:\WINDOWS\system32\oobe\html\mouse\images 0 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\bulzano.jpg 72921 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\bulzanom.jpg 40046 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\but1_dwn.gif 1188 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\but1_idl.gif 543 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\but1_up.gif 1190 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\but2_dwn.gif 751 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\but2_idl.gif 409 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\but2_up.gif 753 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\but3_dwn.gif 981 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\but3_idl.gif 590 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\but3_up.gif 983 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\but4_dwn.gif 825 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\but4_idl.gif 436 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\but4_up.gif 823 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\clicking.gif 6829 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\desktop3.gif 17486 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\heidelb.jpg 35268 bytes File 
C:\WINDOWS\system32\oobe\html\mouse\images\heidelbm.jpg 20512 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\mouse4.gif 47282 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\mouseimg.gif 4361 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\paris.jpg 42189 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\parism.jpg 25628 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\pisa.jpg 39156 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\pisam.jpg 22602 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\prague.jpg 38850 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\praguem.jpg 23646 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\tyrol.jpg 63016 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\tyrolm.jpg 33735 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\venice.jpg 49251 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\venicem.jpg 27707 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\verona.jpg 52203 bytes File C:\WINDOWS\system32\oobe\html\mouse\images\veronam.jpg 30177 bytes File C:\WINDOWS\system32\oobe\html\mouse\mouse.htm 4099 bytes File C:\WINDOWS\system32\oobe\html\mouse\mouse_a.htm 2377 bytes File C:\WINDOWS\system32\oobe\html\mouse\mouse_b.htm 2437 bytes File C:\WINDOWS\system32\oobe\html\mouse\mouse_c.htm 3700 bytes File C:\WINDOWS\system32\oobe\html\mouse\mouse_d.htm 2324 bytes File C:\WINDOWS\system32\oobe\html\mouse\mouse_e.htm 3755 bytes File C:\WINDOWS\system32\oobe\html\mouse\mouse_f.htm 2394 bytes File C:\WINDOWS\system32\oobe\html\mouse\mouse_g.htm 3312 bytes File C:\WINDOWS\system32\oobe\html\mouse\mouse_h.htm 2887 bytes File C:\WINDOWS\system32\oobe\html\mouse\mouse_i.htm 3311 bytes File C:\WINDOWS\system32\oobe\html\mouse\mouse_j.htm 2895 bytes File C:\WINDOWS\system32\oobe\html\mouse\mouse_k.htm 2873 bytes File C:\WINDOWS\system32\oobe\html\oemcust 0 bytes File C:\WINDOWS\system32\oobe\html\oemhw 0 bytes File C:\WINDOWS\system32\oobe\html\oemreg 0 bytes File 
C:\WINDOWS\system32\oobe\html\sconnect 0 bytes File C:\WINDOWS\system32\oobe\html\sconnect\scntlast.htm 3701 bytes File C:\WINDOWS\system32\oobe\html\sconnect\sconnect.htm 3431 bytes File C:\WINDOWS\system32\oobe\iconnect.js 13195 bytes File C:\WINDOWS\system32\oobe\icserror 0 bytes File C:\WINDOWS\system32\oobe\icserror\icsdc.htm 3408 bytes File C:\WINDOWS\system32\oobe\icsmgr.js 17233 bytes File C:\WINDOWS\system32\oobe\images 0 bytes File C:\WINDOWS\system32\oobe\images\magnify.gif 7972 bytes File C:\WINDOWS\system32\oobe\images\arrow.gif 300 bytes File C:\WINDOWS\system32\oobe\images\backdown.jpg 3461 bytes File C:\WINDOWS\system32\oobe\images\backoff.jpg 2817 bytes File C:\WINDOWS\system32\oobe\images\backover.jpg 3557 bytes File C:\WINDOWS\system32\oobe\images\backup.jpg 3540 bytes File C:\WINDOWS\system32\oobe\images\btn1.gif 978 bytes File C:\WINDOWS\system32\oobe\images\btn2.gif 978 bytes File C:\WINDOWS\system32\oobe\images\btn3.gif 978 bytes File C:\WINDOWS\system32\oobe\images\bullet1.gif 54 bytes File C:\WINDOWS\system32\oobe\images\clickerx.wav 4616 bytes File C:\WINDOWS\system32\oobe\images\clickhr.gif 559 bytes File C:\WINDOWS\system32\oobe\images\dialtone.gif 4795 bytes File C:\WINDOWS\system32\oobe\images\dialup.gif 124383 bytes File C:\WINDOWS\system32\oobe\images\greenshd.gif 2135 bytes File C:\WINDOWS\system32\oobe\images\grn_btn.gif 1234 bytes File C:\WINDOWS\system32\oobe\images\hand1.gif 9513 bytes File C:\WINDOWS\system32\oobe\images\hand2.gif 9257 bytes File C:\WINDOWS\system32\oobe\images\intro.wmv 665107 bytes File C:\WINDOWS\system32\oobe\images\merlin.gif 2700 bytes File C:\WINDOWS\system32\oobe\images\monitor.gif 17745 bytes File C:\WINDOWS\system32\oobe\images\monitor2.gif 21991 bytes File C:\WINDOWS\system32\oobe\images\mouse.gif 2730 bytes File C:\WINDOWS\system32\oobe\images\mousewn1.gif 10567 bytes File C:\WINDOWS\system32\oobe\images\mslogo.jpg 14679 bytes File C:\WINDOWS\system32\oobe\images\newbtm1.jpg 9131 bytes File 
C:\WINDOWS\system32\oobe\images\newbtm8.jpg 8727 bytes File C:\WINDOWS\system32\oobe\images\newmark1.jpg 56043 bytes File C:\WINDOWS\system32\oobe\images\newmark8.jpg 38987 bytes File C:\WINDOWS\system32\oobe\images\newtop1.jpg 8806 bytes File C:\WINDOWS\system32\oobe\images\newtop8.jpg 8048 bytes File C:\WINDOWS\system32\oobe\images\nextdown.jpg 3439 bytes File C:\WINDOWS\system32\oobe\images\nextoff.jpg 2705 bytes File C:\WINDOWS\system32\oobe\images\nextover.jpg 3554 bytes File C:\WINDOWS\system32\oobe\images\nextup.jpg 3539 bytes File C:\WINDOWS\system32\oobe\images\oemcoa.jpg 3364 bytes File C:\WINDOWS\system32\oobe\images\oemlogo.gif 3343 bytes File C:\WINDOWS\system32\oobe\images\prodkey.gif 993 bytes File C:\WINDOWS\system32\oobe\images\progress.gif 1230 bytes File C:\WINDOWS\system32\oobe\images\qmark.acs 1174050 bytes File C:\WINDOWS\system32\oobe\images\qmark.gif 2479 bytes File C:\WINDOWS\system32\oobe\images\redshd.gif 2119 bytes File C:\WINDOWS\system32\oobe\images\skipdown.jpg 3556 bytes File C:\WINDOWS\system32\oobe\images\skipoff.jpg 2759 bytes File C:\WINDOWS\system32\oobe\images\skipover.jpg 3485 bytes File C:\WINDOWS\system32\oobe\images\skipup.jpg 3483 bytes File C:\WINDOWS\system32\oobe\images\thanks10.png 38558 bytes File C:\WINDOWS\system32\oobe\images\thanks8.png 26392 bytes File C:\WINDOWS\system32\oobe\images\title.wma 2624518 bytes File C:\WINDOWS\system32\oobe\images\wpaback.jpg 44244 bytes File C:\WINDOWS\system32\oobe\images\wpabtm.jpg 11746 bytes File C:\WINDOWS\system32\oobe\images\wpaflag.jpg 5823 bytes File C:\WINDOWS\system32\oobe\images\wpakey.jpg 25759 bytes File C:\WINDOWS\system32\oobe\images\wpatop.jpg 17719 bytes File C:\WINDOWS\system32\oobe\isperror 0 bytes File C:\WINDOWS\system32\oobe\isperror\ispcnerr.htm 3527 bytes File C:\WINDOWS\system32\oobe\isperror\ispdtone.htm 3271 bytes File C:\WINDOWS\system32\oobe\isperror\isphdshk.htm 2451 bytes File C:\WINDOWS\system32\oobe\isperror\ispins.htm 2709 bytes File 
C:\WINDOWS\system32\oobe\isperror\ispnoanw.htm 6742 bytes File C:\WINDOWS\system32\oobe\isperror\isppberr.htm 2316 bytes File C:\WINDOWS\system32\oobe\isperror\ispphbsy.htm 6437 bytes File C:\WINDOWS\system32\oobe\isperror\ispsbusy.htm 2491 bytes File C:\WINDOWS\system32\oobe\isptype.js 1249 bytes File C:\WINDOWS\system32\oobe\migip.dun 359 bytes File C:\WINDOWS\system32\oobe\migrate.isp 242 bytes File C:\WINDOWS\system32\oobe\migrate.js 23894 bytes File C:\WINDOWS\system32\oobe\migrate.obe 7160 bytes File C:\WINDOWS\system32\oobe\migx25a.dun 576 bytes File C:\WINDOWS\system32\oobe\migx25c.dun 576 bytes File C:\WINDOWS\system32\oobe\mousetut.js 11269 bytes File C:\WINDOWS\system32\oobe\msobcomm.dll 122368 bytes executable File C:\WINDOWS\system32\oobe\msobdl.dll 16384 bytes executable File C:\WINDOWS\system32\oobe\msobe.isp 269 bytes File C:\WINDOWS\system32\oobe\msobmain.dll 563200 bytes executable File C:\WINDOWS\system32\oobe\msobshel.dll 30720 bytes executable File C:\WINDOWS\system32\oobe\msobshel.htm 174180 bytes File C:\WINDOWS\system32\oobe\msobweb.dll 18944 bytes executable File C:\WINDOWS\system32\oobe\msoobe.exe 28160 bytes executable File C:\WINDOWS\system32\oobe\obeip.dun 422 bytes File C:\WINDOWS\system32\oobe\oobebaln.exe 51712 bytes executable File C:\WINDOWS\system32\oobe\oobeinfo.ini 244 bytes File C:\WINDOWS\system32\oobe\oobeutil.js 9765 bytes File C:\WINDOWS\system32\oobe\phone.inf 47794 bytes File C:\WINDOWS\system32\oobe\phone.obe 7160 bytes File C:\WINDOWS\system32\oobe\reg.isp 124 bytes File C:\WINDOWS\system32\oobe\regerror 0 bytes File C:\WINDOWS\system32\oobe\regerror\rcnterr.htm 3153 bytes File C:\WINDOWS\system32\oobe\regerror\rdtone.htm 2825 bytes File C:\WINDOWS\system32\oobe\regerror\rhndshk.htm 2022 bytes File C:\WINDOWS\system32\oobe\regerror\rnoansw.htm 6310 bytes File C:\WINDOWS\system32\oobe\regerror\rnomdm.htm 1845 bytes File C:\WINDOWS\system32\oobe\regerror\rpberr.htm 1871 bytes File 
C:\WINDOWS\system32\oobe\regerror\rpulse.htm 2551 bytes File C:\WINDOWS\system32\oobe\regerror\rtoobusy.htm 6250 bytes File C:\WINDOWS\system32\oobe\sample 0 bytes File C:\WINDOWS\system32\oobe\sconnect.js 1044 bytes File C:\WINDOWS\system32\oobe\setup 0 bytes File C:\WINDOWS\system32\oobe\setup\ident1.htm 3851 bytes File C:\WINDOWS\system32\oobe\setup\acterror.htm 3956 bytes File C:\WINDOWS\system32\oobe\setup\activate.htm 4446 bytes File C:\WINDOWS\system32\oobe\setup\act_plcy.htm 4455 bytes File C:\WINDOWS\system32\oobe\setup\autoupdt.htm 5757 bytes File C:\WINDOWS\system32\oobe\setup\au_plcy.htm 6360 bytes File C:\WINDOWS\system32\oobe\setup\badeula.htm 3747 bytes File C:\WINDOWS\system32\oobe\setup\badpkey.htm 4233 bytes File C:\WINDOWS\system32\oobe\setup\compname.htm 5479 bytes File C:\WINDOWS\system32\oobe\setup\dialup.htm 2241 bytes File C:\WINDOWS\system32\oobe\setup\drdyisp.htm 5633 bytes File C:\WINDOWS\system32\oobe\setup\drdymig.htm 5564 bytes File C:\WINDOWS\system32\oobe\setup\drdyoem.htm 5525 bytes File C:\WINDOWS\system32\oobe\setup\drdyref.htm 7603 bytes File C:\WINDOWS\system32\oobe\setup\dtiwait.htm 1005 bytes File C:\WINDOWS\system32\oobe\setup\fini.htm 3383 bytes File C:\WINDOWS\system32\oobe\setup\hnwprmpt.htm 2701 bytes File C:\WINDOWS\system32\oobe\setup\iconn.htm 3508 bytes File C:\WINDOWS\system32\oobe\setup\ics.htm 7789 bytes File C:\WINDOWS\system32\oobe\setup\ident2.htm 8487 bytes File C:\WINDOWS\system32\oobe\setup\isp.htm 4946 bytes File C:\WINDOWS\system32\oobe\setup\ispwait.htm 1228 bytes File C:\WINDOWS\system32\oobe\setup\jndomain.htm 4138 bytes File C:\WINDOWS\system32\oobe\setup\jndom_a.htm 3393 bytes File C:\WINDOWS\system32\oobe\setup\keybd.htm 4365 bytes File C:\WINDOWS\system32\oobe\setup\keybdcmt.htm 3049 bytes File C:\WINDOWS\system32\oobe\setup\migdial.htm 2393 bytes File C:\WINDOWS\system32\oobe\setup\miglist.htm 4627 bytes File C:\WINDOWS\system32\oobe\setup\migpage.htm 3697 bytes File 
C:\WINDOWS\system32\oobe\setup\neweula.htm 11108 bytes File C:\WINDOWS\system32\oobe\setup\neweula2.htm 3344 bytes File C:\WINDOWS\system32\oobe\setup\oempriv.htm 2251 bytes File C:\WINDOWS\system32\oobe\setup\Oobedisc.htm 83 bytes File C:\WINDOWS\system32\oobe\setup\oobestyl.css 7132 bytes File C:\WINDOWS\system32\oobe\setup\prodkey.htm 11180 bytes File C:\WINDOWS\system32\oobe\setup\prvcyms.htm 3999 bytes File C:\WINDOWS\system32\oobe\setup\refdial.htm 9940 bytes File C:\WINDOWS\system32\oobe\setup\reg1.htm 6598 bytes File C:\WINDOWS\system32\oobe\setup\reg3.htm 8565 bytes File C:\WINDOWS\system32\oobe\setup\regdial.htm 2492 bytes File C:\WINDOWS\system32\oobe\setup\security.htm 3791 bytes File C:\WINDOWS\system32\oobe\setup\timezone.htm 3200 bytes File C:\WINDOWS\system32\oobe\setup\username.htm 6008 bytes File C:\WINDOWS\system32\oobe\setup\welcome.htm 17374 bytes File C:\WINDOWS\system32\oobe\updshell.htm 32045 bytes File C:\WINDOWS\system32\config\systemprofile\Cookies 0 bytes File C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 16384 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\desktop.ini 62 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel\Wireless 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel\Wireless\Settings 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel\Wireless\Settings\Settings.ini 716 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\CryptnetUrlCache 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\CryptnetUrlCache\Content 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 558 
bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\CryptnetUrlCache\MetaData 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 144 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\Internet Explorer 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\Internet Explorer\brndlog.bak 113 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\Internet Explorer\brndlog.txt 141 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\Media Player 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\SystemCertificates 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\SystemCertificates\My 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start 0 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\desktop.ini 62 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy 0 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria 0 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\desktop.ini 501 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Eksplorator Windows.lnk 1487 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Kreator zgodności programów.lnk 386 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Notatnik.lnk 1519 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Rozrywka 
0 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Rozrywka\desktop.ini 84 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Rozrywka\Windows Media Player.lnk 804 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Samouczek systemu Windows XP.lnk 1527 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Synchronizuj.lnk 1519 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Ułatwienia dostępu 0 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Ułatwienia dostępu\desktop.ini 290 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Ułatwienia dostępu\Klawiatura ekranowa.lnk 1501 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Ułatwienia dostępu\Lupa.lnk 1525 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Ułatwienia dostępu\Menedżer narzędzi.lnk 1539 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Wiersz polecenia.lnk 1555 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Autostart 0 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Autostart\desktop.ini 84 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\desktop.ini 143 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Pomoc zdalna.lnk 1599 bytes File C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Windows Media Player.lnk 792 bytes File C:\WINDOWS\system32\config\systemprofile\Moje dokumenty 0 bytes File C:\WINDOWS\system32\config\systemprofile\NetHood 0 bytes File C:\WINDOWS\system32\config\systemprofile\ntuser.dat 270336 bytes File C:\WINDOWS\system32\config\systemprofile\PrintHood 0 bytes File C:\WINDOWS\system32\config\systemprofile\Pulpit 0 bytes File 
C:\WINDOWS\system32\config\systemprofile\Recent 0 bytes File C:\WINDOWS\system32\config\systemprofile\SendTo 0 bytes File C:\WINDOWS\system32\config\systemprofile\SendTo\Adresat poczty.MAPIMail 0 bytes File C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini 177 bytes File C:\WINDOWS\system32\config\systemprofile\SendTo\Folder skompresowany (zip).ZFSendToTarget 0 bytes File C:\WINDOWS\system32\config\systemprofile\SendTo\Pulpit (utwórz skrót).DeskLink 0 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony 0 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony\amipro.sam 4570 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony\excel.xls 5632 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony\excel4.xls 1518 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony\lotus.wk4 2448 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony\powerpnt.ppt 12288 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony\presenta.shw 461 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony\quattro.wb2 4017 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony\sndrec.wav 58 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony\winword.doc 4608 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony\winword2.doc 1769 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony\wordpfct.wpd 30 bytes File C:\WINDOWS\system32\config\systemprofile\Szablony\wordpfct.wpg 57 bytes File C:\WINDOWS\system32\config\systemprofile\Ulubione 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Media Player 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Media 
Player\CurrentDatabase_59R.wmdb 720896 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\9.0 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\9.0\WMSDKNS.DTD 498 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\9.0\WMSDKNS.XML 12787 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\desktop.ini 62 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\desktop.ini 113 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\desktop.ini 113 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat 32768 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012011110420111105 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012011110420111105\index.dat 32768 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temp 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\3Y8R4KL7 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\3Y8R4KL7\desktop.ini 67 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet 
Files\Content.IE5\AKLD5ODT 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\AKLD5ODT\desktop.ini 67 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat 32768 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\LPT9YTXV 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\LPT9YTXV\desktop.ini 67 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\TCVECG8L 0 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\TCVECG8L\desktop.ini 67 bytes File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\desktop.ini 67 bytes File C:\WINDOWS\system32\DirectX\Dinput\actc094.ini 4069 bytes File C:\WINDOWS\system32\DirectX\Dinput\act_rs.png 96731 bytes File C:\WINDOWS\system32\DirectX\Dinput\glmda.ini 13804 bytes File C:\WINDOWS\system32\DirectX\Dinput\glmda.png 74585 bytes File C:\WINDOWS\system32\DirectX\Dinput\glmdiggp.ini 11886 bytes File C:\WINDOWS\system32\DirectX\Dinput\glmdiggp.png 73786 bytes File C:\WINDOWS\system32\DirectX\Dinput\gr3001.ini 5013 bytes File C:\WINDOWS\system32\DirectX\Dinput\gr3001.png 37743 bytes File C:\WINDOWS\system32\DirectX\Dinput\gr3001_g.ini 3865 bytes File C:\WINDOWS\system32\DirectX\Dinput\gr4001.ini 16226 bytes File C:\WINDOWS\system32\DirectX\Dinput\gr4001.png 31621 bytes File C:\WINDOWS\system32\DirectX\Dinput\gr4001_g.ini 14416 bytes File C:\WINDOWS\system32\DirectX\Dinput\gr4001_g.png 27459 bytes File C:\WINDOWS\system32\DirectX\Dinput\gr4003.ini 3529 bytes File C:\WINDOWS\system32\DirectX\Dinput\gr4003.png 30100 bytes File 
C:\WINDOWS\system32\DirectX\Dinput\gr4005.ini 2142 bytes File C:\WINDOWS\system32\DirectX\Dinput\gr4005.png 34022 bytes File C:\WINDOWS\system32\DirectX\Dinput\hammer.ini 18594 bytes File C:\WINDOWS\system32\DirectX\Dinput\ia3002.ini 11865 bytes File C:\WINDOWS\system32\DirectX\Dinput\ia3002_1.png 59005 bytes File C:\WINDOWS\system32\DirectX\Dinput\ia3002_2.png 51179 bytes File C:\WINDOWS\system32\DirectX\Dinput\lgc202.ini 5809 bytes File C:\WINDOWS\system32\DirectX\Dinput\lgc202.png 31539 bytes File C:\WINDOWS\system32\DirectX\Dinput\lgc207.ini 13610 bytes File C:\WINDOWS\system32\DirectX\Dinput\lgc207.png 36408 bytes File C:\WINDOWS\system32\DirectX\Dinput\lgc209.ini 3971 bytes File C:\WINDOWS\system32\DirectX\Dinput\lgc209.png 38899 bytes File C:\WINDOWS\system32\DirectX\Dinput\lgc20a.ini 6735 bytes File C:\WINDOWS\system32\DirectX\Dinput\lgc20a.png 39453 bytes File C:\WINDOWS\system32\DirectX\Dinput\lgc291.ini 2409 bytes File C:\WINDOWS\system32\DirectX\Dinput\lgc291.png 29503 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms1b.png 50325 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms1b_01.png 2018 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms1b_02.png 739 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms1b_03.png 581 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms1b_04.png 788 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms1b_05.png 380 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms1b_06.png 406 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms1b_07.png 575 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms1b_08.png 576 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms1b_09.png 645 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms1b_10.png 641 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms26.ini 8389 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms26.png 66085 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms26_01.png 3084 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms26_02.png 1535 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms26_03.png 1216 bytes File 
C:\WINDOWS\system32\DirectX\Dinput\ms26_04.png 1150 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms26_05.png 1132 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms26_06.png 1099 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms26_08.png 910 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms27.ini 4510 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms27.png 63020 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms27_1.png 3396 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms27_2.png 1389 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms27_3.png 1334 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms27_4.png 1136 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms27_5.png 1111 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms28.ini 3203 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms28.png 68342 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms28_1.png 790 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms28_2.png 932 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms28_3.png 883 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms28_4.png 1014 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms28_5.png 1073 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms28_6.png 1135 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms28_7.png 1228 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms28_8.png 4372 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms34.ini 6761 bytes File C:\WINDOWS\system32\DirectX\Dinput\mse.png 69437 bytes File C:\WINDOWS\system32\DirectX\Dinput\mse_1.png 3973 bytes File C:\WINDOWS\system32\DirectX\Dinput\mse_10.png 1113 bytes File C:\WINDOWS\system32\DirectX\Dinput\mse_2.png 1204 bytes File C:\WINDOWS\system32\DirectX\Dinput\mse_3.png 1294 bytes File C:\WINDOWS\system32\DirectX\Dinput\mse_4.png 1154 bytes File C:\WINDOWS\system32\DirectX\Dinput\mse_5.png 1322 bytes File C:\WINDOWS\system32\DirectX\Dinput\mse_6.png 1241 bytes File C:\WINDOWS\system32\DirectX\Dinput\mse_7.png 1277 bytes File C:\WINDOWS\system32\DirectX\Dinput\mse_8.png 892 bytes File 
C:\WINDOWS\system32\DirectX\Dinput\mse_9.png 1721 bytes File C:\WINDOWS\system32\DirectX\Dinput\mse_g.ini 6085 bytes File C:\WINDOWS\system32\DirectX\Dinput\msf1f.ini 5915 bytes File C:\WINDOWS\system32\DirectX\Dinput\msf1f.png 60612 bytes File C:\WINDOWS\system32\DirectX\Dinput\msf1f_1.png 1293 bytes File C:\WINDOWS\system32\DirectX\Dinput\msf1f_10.png 832 bytes File C:\WINDOWS\system32\DirectX\Dinput\msf1f_2.png 1125 bytes File C:\WINDOWS\system32\DirectX\Dinput\msf1f_3.png 891 bytes File C:\WINDOWS\system32\DirectX\Dinput\msf1f_4.png 639 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms7_5.png 963 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms7_6.png 982 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms7_7.png 1071 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms7_8.png 829 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms7_9.png 1207 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms7_g.ini 3068 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8.ini 6073 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8.png 55905 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8_1.png 2355 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8_10.png 1518 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8_2.png 681 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8_3.png 1091 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8_4.png 450 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8_5.png 495 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8_6.png 715 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8_7.png 748 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8_8.png 769 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8_9.png 769 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms8_g.ini 5832 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms56_8.png 743 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms56_9.png 864 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms6.ini 5171 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms6.png 58484 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms6_1.png 1130 
bytes File C:\WINDOWS\system32\DirectX\Dinput\ms6_10.png 1414 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms6_2.png 681 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms6_3.png 510 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms6_4.png 511 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms6_5.png 792 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms6_6.png 753 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms6_7.png 774 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms6_8.png 757 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms6_9.png 2436 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms7.ini 3106 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms7.png 65985 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms7_1.png 4412 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms7_2.png 1254 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms7_3.png 1278 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms1b.ini 14450 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms26_07.png 962 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms34.png 58085 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms56_7.png 846 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms7_4.png 1301 bytes File C:\WINDOWS\system32\DirectX\Dinput\mse.ini 4543 bytes File C:\WINDOWS\system32\DirectX\Dinput\msf1f_5.png 646 bytes File C:\WINDOWS\system32\DirectX\Dinput\msf1f_6.png 947 bytes File C:\WINDOWS\system32\DirectX\Dinput\msf1f_7.png 850 bytes File C:\WINDOWS\system32\DirectX\Dinput\msf1f_8.png 870 bytes File C:\WINDOWS\system32\DirectX\Dinput\msf1f_9.png 765 bytes File C:\WINDOWS\system32\DirectX\Dinput\msprw.ini 3951 bytes File C:\WINDOWS\system32\DirectX\Dinput\msprw.png 51544 bytes File C:\WINDOWS\system32\DirectX\Dinput\msprw_1.png 4040 bytes File C:\WINDOWS\system32\DirectX\Dinput\msprw_2.png 6043 bytes File C:\WINDOWS\system32\DirectX\Dinput\msprw_3.png 1444 bytes File C:\WINDOWS\system32\DirectX\Dinput\msprw_4.png 1365 bytes File C:\WINDOWS\system32\DirectX\Dinput\msprw_5.png 1423 bytes File 
C:\WINDOWS\system32\DirectX\Dinput\msprw_6.png 1380 bytes File C:\WINDOWS\system32\DirectX\Dinput\msprw_7.png 1697 bytes File C:\WINDOWS\system32\DirectX\Dinput\msprw_8.png 1476 bytes File C:\WINDOWS\system32\DirectX\Dinput\raiderpd.ini 24142 bytes File C:\WINDOWS\system32\DirectX\Dinput\SV-262e1.png 52876 bytes File C:\WINDOWS\system32\DirectX\Dinput\SV-262e3.png 53104 bytes File C:\WINDOWS\system32\DirectX\Dinput\SV-262e4.png 92178 bytes File C:\WINDOWS\system32\DirectX\Dinput\sv2511.png 42674 bytes File C:\WINDOWS\system32\DirectX\Dinput\sv2512.png 90339 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms34_01.png 5085 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms34_02.png 3382 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms34_03.png 595 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms34_04.png 1006 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms34_05.png 1152 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms34_06.png 575 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms34_07.png 592 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms34_08.png 585 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms3b.ini 2078 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms3b.png 43640 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms3b_1.png 3109 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms3b_2.png 2534 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms3b_3.png 2313 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms3b_4.png 2387 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms3b_a.png 4381 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms3b_c.png 7794 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms3b_m.png 3431 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms3b_t.png 3638 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms56.ini 5848 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms56.png 59623 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms56_1.png 2796 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms56_10.png 885 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms56_2.png 862 bytes File 
C:\WINDOWS\system32\DirectX\Dinput\ms56_3.png 990 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms56_4.png 937 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms56_5.png 523 bytes File C:\WINDOWS\system32\DirectX\Dinput\ms56_6.png 496 bytes File C:\WINDOWS\system32\CatRoot\TMP5B.tmp 9581 bytes File C:\WINDOWS\system32\CatRoot\TMP30.tmp 620500 bytes File C:\WINDOWS\system32\CatRoot\TMP31.tmp 620500 bytes File C:\WINDOWS\system32\CatRoot\TMP33.tmp 1896400 bytes File C:\WINDOWS\system32\CatRoot\TMP35.tmp 1896400 bytes File C:\WINDOWS\system32\CatRoot\TMP49.tmp 1014483 bytes File C:\WINDOWS\system32\CatRoot\TMP4C.tmp 1086058 bytes File C:\WINDOWS\system32\CatRoot\TMP4F.tmp 808524 bytes File C:\WINDOWS\system32\CatRoot\TMP52.tmp 399670 bytes File C:\WINDOWS\system32\CatRoot\TMP55.tmp 30983 bytes File C:\WINDOWS\system32\CatRoot\TMP58.tmp 14043 bytes File C:\WINDOWS\system32\CatRoot\TMP5E.tmp 13497 bytes File C:\WINDOWS\system32\CatRoot\TMP61.tmp 37509 bytes File C:\WINDOWS\system32\CatRoot\TMP64.tmp 7334 bytes File C:\WINDOWS\system32\CatRoot\TMP67.tmp 8599 bytes File C:\WINDOWS\system32\CatRoot\TMP6A.tmp 7245 bytes File C:\WINDOWS\system32\CatRoot\TMP6D.tmp 7382 bytes File C:\WINDOWS\system32\CatRoot\TMP70.tmp 102826 bytes File C:\WINDOWS\system32\CatRoot\TMP73.tmp 31965 bytes File C:\WINDOWS\system32\CatRoot\TMP76.tmp 141702 bytes File C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} 0 bytes File C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp 8 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} 0 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MAPIMIG.CAT 399670 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\945gm.CAT 7515 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\dmi_pci.CAT 9065 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\drmclien.cat 6429 bytes File 
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\FP4.CAT 30983 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HPCRDP.CAT 13497 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\IASNT4.CAT 8599 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ich7core.CAT 8757 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ich7ide.CAT 8755 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ich7usb.CAT 8177 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\IMS.CAT 14043 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB888111WXPSP2.cat 29535 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\mediactr.cat 31965 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MSMSGS.CAT 9581 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MSTSWEB.CAT 7245 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MW770.CAT 37509 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\netfx.cat 141702 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5.CAT 1896400 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5IIS.CAT 808524 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5INF.CAT 620500 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NTPRINT.CAT 1086058 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem0.CAT 8307 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem1.CAT 42961 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem10.CAT 20817 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem11.CAT 21238 bytes File 
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem12.CAT 21238 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem13.CAT 21238 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem14.CAT 11747 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem15.CAT 12942 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem17.CAT 333764 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT 26011 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem25.CAT 12018 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem26.CAT 12942 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem27.CAT 11747 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem28.CAT 15303 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem29.CAT 7878 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT 10754 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem4.CAT 16087 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem5.CAT 16087 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem6.CAT 14821 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem7.CAT 13197 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem8.CAT 14670 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem9.CAT 8920 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\OEMBIOS.CAT 7382 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\SP2.CAT 1014483 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\tabletpc.cat 102826 bytes File 
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp 8 bytes File C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\wmerrenu.cat 7334 bytes File C:\WINDOWS\system32\CatRoot2\edb.chk 0 bytes ---- EOF - GMER 1.0.15 ----