GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-12-09 13:59:58 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD080HJ/P rev.ZH100-34 Running: tf9g4c5y.exe; Driver: C:\DOCUME~1\Gliwice\LOCALS~1\Temp\awryipow.sys ---- Kernel code sections - GMER 1.0.15 ---- init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9D01F80] init C:\WINDOWS\system32\drivers\egatebus.sys entry point in "init" section [0xBAD98320] init C:\WINDOWS\system32\DRIVERS\smccard.sys entry point in "init" section [0xBA5C4D58] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[500] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[552] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01156390 .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01156640 .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011553D0 .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01155300 .text C:\WINDOWS\system32\csrss.exe[596] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 011511C0 .text C:\WINDOWS\system32\csrss.exe[596] KERNEL32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01151290 .text C:\WINDOWS\system32\csrss.exe[596] KERNEL32.dll!MoveFileW 7C821249 5 Bytes JMP 01152570 .text C:\WINDOWS\system32\csrss.exe[596] KERNEL32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01151000 .text C:\WINDOWS\system32\csrss.exe[596] KERNEL32.dll!CopyFileW 7C82F863 5 Bytes JMP 011510A0 .text C:\WINDOWS\system32\csrss.exe[596] KERNEL32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01152510 .text C:\WINDOWS\system32\csrss.exe[596] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01151D10 .text C:\WINDOWS\system32\csrss.exe[596] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01157250 .text C:\WINDOWS\system32\csrss.exe[596] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 011520A0 .text C:\WINDOWS\system32\csrss.exe[596] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 011523A0 .text C:\WINDOWS\system32\csrss.exe[596] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 01152160 .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01C76390 .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01C76640 .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 01C753D0 .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01C75300 .text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01C711C0 .text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01C71290 .text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01C72570 .text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01C71000 .text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 01C710A0 .text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01C72510 .text C:\WINDOWS\system32\winlogon.exe[620] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01C71D10 .text C:\WINDOWS\system32\winlogon.exe[620] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01C77250 .text C:\WINDOWS\system32\winlogon.exe[620] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 01C720A0 .text C:\WINDOWS\system32\winlogon.exe[620] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 01C723A0 .text C:\WINDOWS\system32\winlogon.exe[620] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 01C72160 .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00FA6390 .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00FA6640 .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00FA53D0 .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00FA5300 .text C:\WINDOWS\system32\services.exe[664] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FA11C0 .text C:\WINDOWS\system32\services.exe[664] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00FA1290 .text C:\WINDOWS\system32\services.exe[664] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00FA2570 .text C:\WINDOWS\system32\services.exe[664] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00FA1000 .text C:\WINDOWS\system32\services.exe[664] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00FA10A0 .text C:\WINDOWS\system32\services.exe[664] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00FA2510 .text C:\WINDOWS\system32\services.exe[664] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00FA1D10 .text C:\WINDOWS\system32\services.exe[664] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FA7250 .text C:\WINDOWS\system32\services.exe[664] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00FA20A0 .text C:\WINDOWS\system32\services.exe[664] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00FA23A0 .text C:\WINDOWS\system32\services.exe[664] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00FA2160 .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00AE6390 .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00AE6640 .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00AE53D0 .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AE5300 .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AE11C0 .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00AE1290 .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00AE2570 .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00AE1000 .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00AE10A0 .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00AE2510 .text C:\WINDOWS\system32\svchost.exe[832] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00AE1D10 .text C:\WINDOWS\system32\svchost.exe[832] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00AE7250 .text C:\WINDOWS\system32\svchost.exe[832] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00AE20A0 .text C:\WINDOWS\system32\svchost.exe[832] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00AE23A0 .text C:\WINDOWS\system32\svchost.exe[832] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00AE2160 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[840] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00C26390 .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00C26640 .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00C253D0 .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C25300 .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C211C0 .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C21290 .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00C22570 .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00C21000 .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00C210A0 .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00C22510 .text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00C21D10 .text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C27250 .text C:\WINDOWS\system32\svchost.exe[908] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00C220A0 .text C:\WINDOWS\system32\svchost.exe[908] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00C223A0 .text C:\WINDOWS\system32\svchost.exe[908] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00C22160 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[968] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\WINDOWS\System32\svchost.exe[1000] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01C26390 .text C:\WINDOWS\System32\svchost.exe[1000] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01C26640 .text C:\WINDOWS\System32\svchost.exe[1000] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 01C253D0 .text C:\WINDOWS\System32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01C25300 .text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01C211C0 .text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01C21290 .text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01C22570 .text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01C21000 .text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 01C210A0 .text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01C22510 .text C:\WINDOWS\System32\svchost.exe[1000] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01C21D10 .text C:\WINDOWS\System32\svchost.exe[1000] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01C27250 .text C:\WINDOWS\System32\svchost.exe[1000] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 01C220A0 .text C:\WINDOWS\System32\svchost.exe[1000] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 01C223A0 .text C:\WINDOWS\System32\svchost.exe[1000] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 01C22160 .text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A36390 .text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A36640 .text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A353D0 .text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A35300 .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A311C0 .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A31290 .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A32570 .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A31000 .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A310A0 .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A32510 .text C:\WINDOWS\system32\svchost.exe[1040] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00A31D10 .text C:\WINDOWS\system32\svchost.exe[1040] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A37250 .text C:\WINDOWS\system32\svchost.exe[1040] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00A320A0 .text C:\WINDOWS\system32\svchost.exe[1040] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00A323A0 .text C:\WINDOWS\system32\svchost.exe[1040] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00A32160 .text C:\WINDOWS\Explorer.EXE[1260] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01B36390 .text C:\WINDOWS\Explorer.EXE[1260] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01B36640 .text C:\WINDOWS\Explorer.EXE[1260] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 01B353D0 .text C:\WINDOWS\Explorer.EXE[1260] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01B35300 .text C:\WINDOWS\Explorer.EXE[1260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01B311C0 .text C:\WINDOWS\Explorer.EXE[1260] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01B31290 .text C:\WINDOWS\Explorer.EXE[1260] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01B32570 .text C:\WINDOWS\Explorer.EXE[1260] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01B31000 .text C:\WINDOWS\Explorer.EXE[1260] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 01B310A0 .text C:\WINDOWS\Explorer.EXE[1260] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01B32510 .text C:\WINDOWS\Explorer.EXE[1260] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 01B320A0 .text C:\WINDOWS\Explorer.EXE[1260] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 01B323A0 .text C:\WINDOWS\Explorer.EXE[1260] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 01B32160 .text C:\WINDOWS\Explorer.EXE[1260] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01B31D10 .text C:\WINDOWS\Explorer.EXE[1260] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01B37250 .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00796390 .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00796640 .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007953D0 .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00795300 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007911C0 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00791290 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00792570 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00791000 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007910A0 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00792510 .text C:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00791D10 .text C:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00797250 .text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 007920A0 .text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 007923A0 .text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00792160 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1320] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggdrive\ggdrive.exe[1332] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 009F6390 .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 009F6640 .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 009F53D0 .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009F5300 .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009F11C0 .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009F1290 .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 009F2570 .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 009F1000 .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 009F10A0 .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 009F2510 .text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 009F1D10 .text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!send 71AB4C27 5 Bytes JMP 009F7250 .text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 009F20A0 .text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 009F23A0 .text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 009F2160 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\WINDOWS\system32\IoctlSvc.exe[1448] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\WINDOWS\system32\spoolsv.exe[1544] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A56390 .text C:\WINDOWS\system32\spoolsv.exe[1544] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A56640 .text C:\WINDOWS\system32\spoolsv.exe[1544] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A553D0 .text C:\WINDOWS\system32\spoolsv.exe[1544] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A55300 .text C:\WINDOWS\system32\spoolsv.exe[1544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A511C0 .text C:\WINDOWS\system32\spoolsv.exe[1544] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A51290 .text C:\WINDOWS\system32\spoolsv.exe[1544] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A52570 .text C:\WINDOWS\system32\spoolsv.exe[1544] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A51000 .text C:\WINDOWS\system32\spoolsv.exe[1544] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A510A0 .text C:\WINDOWS\system32\spoolsv.exe[1544] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A52510 .text C:\WINDOWS\system32\spoolsv.exe[1544] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00A51D10 .text C:\WINDOWS\system32\spoolsv.exe[1544] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A57250 .text C:\WINDOWS\system32\spoolsv.exe[1544] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00A520A0 .text C:\WINDOWS\system32\spoolsv.exe[1544] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00A523A0 .text C:\WINDOWS\system32\spoolsv.exe[1544] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00A52160 .text C:\WINDOWS\System32\SCardSvr.exe[1592] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 007D6390 .text C:\WINDOWS\System32\SCardSvr.exe[1592] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 007D6640 .text C:\WINDOWS\System32\SCardSvr.exe[1592] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007D53D0 .text C:\WINDOWS\System32\SCardSvr.exe[1592] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007D5300 .text C:\WINDOWS\System32\SCardSvr.exe[1592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007D11C0 .text C:\WINDOWS\System32\SCardSvr.exe[1592] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007D1290 .text C:\WINDOWS\System32\SCardSvr.exe[1592] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 007D2570 .text C:\WINDOWS\System32\SCardSvr.exe[1592] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 007D1000 .text C:\WINDOWS\System32\SCardSvr.exe[1592] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007D10A0 .text C:\WINDOWS\System32\SCardSvr.exe[1592] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 007D2510 .text C:\WINDOWS\System32\SCardSvr.exe[1592] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 007D1D10 .text C:\WINDOWS\System32\SCardSvr.exe[1592] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007D7250 .text C:\WINDOWS\System32\SCardSvr.exe[1592] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 007D20A0 .text C:\WINDOWS\System32\SCardSvr.exe[1592] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 007D23A0 .text C:\WINDOWS\System32\SCardSvr.exe[1592] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 007D2160 .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\svchost.exe[1672] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\svchost.exe[1672] WS2_32.dll!send 71AB4C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\svchost.exe[1672] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\svchost.exe[1672] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\svchost.exe[1672] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 000A2160 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[1704] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00E66390 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00E66640 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00E653D0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00E65300 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E611C0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E61290 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00E62570 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00E61000 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00E610A0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00E62510 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00E61D10 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E67250 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00E620A0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00E623A0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1744] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00E62160 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01126390 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01126640 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011253D0 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01125300 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011211C0 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01121290 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01122570 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01121000 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 011210A0 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01122510 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 011220A0 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 011223A0 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 01122160 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01121D10 .text C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1756] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01127250 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00F96390 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F96640 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F953D0 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F95300 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F911C0 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F91290 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00F92570 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00F91000 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00F910A0 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00F92510 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00F91D10 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F97250 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00F920A0 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00F923A0 .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1768] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00F92160 .text C:\WINDOWS\system32\ctfmon.exe[1796] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A66390 .text C:\WINDOWS\system32\ctfmon.exe[1796] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A66640 .text C:\WINDOWS\system32\ctfmon.exe[1796] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A653D0 .text C:\WINDOWS\system32\ctfmon.exe[1796] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A65300 .text C:\WINDOWS\system32\ctfmon.exe[1796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A611C0 .text C:\WINDOWS\system32\ctfmon.exe[1796] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A61290 .text C:\WINDOWS\system32\ctfmon.exe[1796] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A62570 .text C:\WINDOWS\system32\ctfmon.exe[1796] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A61000 .text C:\WINDOWS\system32\ctfmon.exe[1796] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A610A0 .text C:\WINDOWS\system32\ctfmon.exe[1796] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A62510 .text C:\WINDOWS\system32\ctfmon.exe[1796] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00A61D10 .text C:\WINDOWS\system32\ctfmon.exe[1796] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A67250 .text C:\WINDOWS\system32\ctfmon.exe[1796] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00A620A0 .text C:\WINDOWS\system32\ctfmon.exe[1796] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00A623A0 .text C:\WINDOWS\system32\ctfmon.exe[1796] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00A62160 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 010C6390 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 010C6640 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 010C53D0 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 010C5300 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] kernel32.dll!CreateFileA 7C801A28 3 Bytes JMP 010C11C0 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] kernel32.dll!CreateFileA + 4 7C801A2C 1 Byte [84] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] kernel32.dll!CreateFileW 7C8107F0 3 Bytes JMP 010C1290 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] kernel32.dll!CreateFileW + 4 7C8107F4 1 Byte [84] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 010C2570 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 010C1000 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 010C10A0 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 010C2510 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 010C1D10 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010C7250 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 010C20A0 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 010C23A0 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 010C2160 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 03476390 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 03476640 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 034753D0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 03475300 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 034711C0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03471290 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 03472570 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 03471000 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 034710A0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 03472510 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 03471D10 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] WS2_32.dll!send 71AB4C27 5 Bytes JMP 03477250 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 034720A0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 034723A0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\gghub.exe[1812] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 03472160 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 018C6390 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 018C6640 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 018C53D0 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 018C5300 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 018C11C0 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 018C1290 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 018C2570 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 018C1000 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 018C10A0 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 018C2510 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 018C1D10 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] WS2_32.dll!send 71AB4C27 5 Bytes JMP 018C7250 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 018C20A0 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 018C23A0 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[1820] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 018C2160 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01136390 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01136640 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011353D0 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01135300 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011311C0 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01131290 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01132570 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01131000 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 011310A0 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01132510 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01131D10 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01137250 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 011320A0 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 011323A0 .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1876] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 01132160 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02766390 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02766640 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 027653D0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02765300 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 027611C0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 0176ED48 C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] kernel32.dll!MapViewOfFile 7C80B995 5 Bytes JMP 0176ED8E C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02761290 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02762570 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02761000 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 027610A0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02762510 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] GDI32.dll!CreateDIBSection 77F19E09 5 Bytes JMP 0176EDB5 C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 02761D10 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02767250 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 027620A0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 027623A0 .text C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\ggapp.exe[2020] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 02762160 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2092] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\WINDOWS\System32\alg.exe[2476] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\System32\alg.exe[2476] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\System32\alg.exe[2476] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\System32\alg.exe[2476] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\System32\alg.exe[2476] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\alg.exe[2476] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\System32\alg.exe[2476] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\System32\alg.exe[2476] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\alg.exe[2476] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\alg.exe[2476] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\System32\alg.exe[2476] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\System32\alg.exe[2476] WS2_32.dll!send 71AB4C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\System32\alg.exe[2476] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 000A20A0 .text C:\WINDOWS\System32\alg.exe[2476] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 000A23A0 .text C:\WINDOWS\System32\alg.exe[2476] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 000A2160 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Program Files\ThunderbirdPortable - Gliwice\ThunderbirdPortable.exe[3268] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Program Files\ThunderbirdPortable - Gliwice\App\thunderbird\thunderbird.exe[3284] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Program Files\OpenOffice.org 3\program\scalc.exe[3556] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00176390 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00176640 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001753D0 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00175300 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001711C0 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00171290 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00172570 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00171000 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001710A0 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00172510 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00171D10 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00177250 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001720A0 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001723A0 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3564] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00172160 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00066390 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00066640 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000653D0 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00065300 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000611C0 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00061290 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00062570 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00061000 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000610A0 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00062510 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00061D10 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00067250 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 000620A0 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 000623A0 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3572] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00062160 .text C:\Program Files\Opera\opera.exe[3672] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Opera\opera.exe[3672] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Opera\opera.exe[3672] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Opera\opera.exe[3672] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Opera\opera.exe[3672] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\Opera\opera.exe[3672] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Program Files\Opera\opera.exe[3672] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Program Files\Opera\opera.exe[3672] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Program Files\Opera\opera.exe[3672] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Gliwice\Desktop\tf9g4c5y.exe[4044] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160 ---- Registry - GMER 1.0.15 ---- Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Gliwice\Application Data\Wpnanw.exe Wpnanw Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@xpsp1res.dll,-10078 Chooses default programs for certain activities, such as Web browsing or sending e-mail, and specifies which programs are accessible from the Start menu, desktop, and other locations. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\updates\0\updater.exe GG application Software Updater ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Gliwice\Application Data\Wpnanw.exe 236458 bytes executable File C:\_OTL\MovedFiles\12072012_162552\C_Documents and Settings\Gliwice\Application Data\Wpnanw.exe 236458 bytes executable ---- EOF - GMER 1.0.15 ----