diff --git a/src/game/AddonHandler.cpp b/src/game/AddonHandler.cpp
index 1f557dd9e..df2ed01a0 100644
--- a/src/game/AddonHandler.cpp
+++ b/src/game/AddonHandler.cpp
@@ -64,63 +64,84 @@ bool AddonHandler::BuildAddonPacket(WorldPacket *Source, WorldPacket *Target)
     if (Source->rpos() + 4 > Source->size())
         return false;
 
-    *Source >> TempValue;                                   //get real size of the packed structure
+    *Source >> TempValue;                                   // get real size of the packed structure
 
     // empty addon packet, nothing process, can't be received from real client
     if(!TempValue)
         return false;
 
-    AddonRealSize = TempValue;                              //temp value because ZLIB only excepts uLongf
+    AddonRealSize = TempValue;                              // temp value because ZLIB only excepts uLongf
 
-    CurrentPosition = Source->rpos();                       //get the position of the pointer in the structure
+    CurrentPosition = Source->rpos();                       // get the position of the pointer in the structure
 
-    AddOnPacked.resize(AddonRealSize);                      //resize target for zlib action
+    AddOnPacked.resize(AddonRealSize);                      // resize target for zlib action
 
     if (!uncompress(const_cast<uint8*>(AddOnPacked.contents()), &AddonRealSize, const_cast<uint8*>((*Source).contents() + CurrentPosition), (*Source).size() - CurrentPosition)!= Z_OK)
     {
         Target->Initialize(SMSG_ADDON_INFO);
 
-        while(AddOnPacked.rpos() < AddOnPacked.size())
+        uint32 addonsCount;
+        AddOnPacked >> addonsCount;                         // addons count?
+
+        for(uint32 i = 0; i < addonsCount; ++i)
         {
-            std::string AddonNames;
-            uint8 unk6;
-            uint32 crc, unk7;
+            std::string addonName;
+            uint8 enabled;
+            uint32 crc, unk2;
 
             // check next addon data format correctness
-            if(AddOnPacked.rpos()+1+4+4+1 > AddOnPacked.size())
+            if(AddOnPacked.rpos()+1 > AddOnPacked.size())
                 return false;
 
-            AddOnPacked >> AddonNames;
+            AddOnPacked >> addonName;
 
             // recheck next addon data format correctness
-            if(AddOnPacked.rpos()+4+4+1 > AddOnPacked.size())
+            if(AddOnPacked.rpos()+1+4+4 > AddOnPacked.size())
                 return false;
 
-            AddOnPacked >> crc >> unk7 >> unk6;
+            AddOnPacked >> enabled >> crc >> unk2;
 
-            //sLog.outDebug("ADDON: Name:%s CRC:%x Unknown1 :%x Unknown2 :%x", AddonNames.c_str(), crc, unk7, unk6);
+            sLog.outDebug("ADDON: Name: %s, Enabled: 0x%x, CRC: 0x%x, Unknown2: 0x%x", addonName.c_str(), enabled, crc, unk2);
 
-            *Target << (uint8)2;
+            uint8 state = (enabled ? 2 : 1);
+            *Target << uint8(state);
 
-            uint8 unk1 = 1;
-            *Target << (uint8)unk1;
+            uint8 unk1 = (enabled ? 1 : 0);
+            *Target << uint8(unk1);
             if (unk1)
             {
-                uint8 unk2 = crc != 0x1c776d01LL;           //If addon is Standard addon CRC
-                *Target << (uint8)unk2;
+                uint8 unk2 = (crc != 0x4c1c776d);           // If addon is Standard addon CRC
+                *Target << uint8(unk2);
                 if (unk2)
                     Target->append(tdata, sizeof(tdata));
 
-                *Target << (uint32)0;
+                *Target << uint32(0);
             }
 
-            uint8 unk3 = 0;
-            *Target << (uint8)unk3;
+            uint8 unk3 = (enabled ? 0 : 1);
+            *Target << uint8(unk3);
             if (unk3)
             {
-                // String, 256
+                // String, 256 (null terminated?)
+                *Target << uint8(0);
             }
         }
+
+        uint32 unk4;
+        AddOnPacked >> unk4;
+
+        uint32 count = 0;
+        *Target << uint32(count);
+        /*for(uint32 i = 0; i < count; ++i)
+        {
+            uint32
+            string (16 bytes)
+            string (16 bytes)
+            uint32
+        }*/
+
+        if(AddOnPacked.rpos() != AddOnPacked.size())
+            sLog.outDebug("packet under read!");
     }
     else
     {
diff --git a/src/game/GossipDef.cpp b/src/game/GossipDef.cpp
index c61ab5e10..1f186f965 100644
--- a/src/game/GossipDef.cpp
+++ b/src/game/GossipDef.cpp
@@ -593,11 +593,17 @@ void PlayerMenu::SendQuestQueryResponse( Quest const *pQuest )
             data << uint32(pQuest->ReqCreatureOrGOId[iI]);
         }
         data << uint32(pQuest->ReqCreatureOrGOCount[iI]);
-        data << uint32(pQuest->ReqItemId[iI]);
-        data << uint32(pQuest->ReqItemCount[iI]);
+        //data << uint32(pQuest->ReqItemId[iI]);
+        //data << uint32(pQuest->ReqItemCount[iI]);
         data << uint32(0);                                  // added in WotLK, dunno if offset if correct
     }
 
+    for (iI = 0; iI < 5; ++iI)                              // items?
+    {
+        data << uint32(0);
+        data << uint32(0);
+    }
+
     for (iI = 0; iI < QUEST_OBJECTIVES_COUNT; iI++)
         data << ObjectiveText[iI];
 
diff --git a/src/game/Spell.cpp b/src/game/Spell.cpp
index f94b22121..d33c3010b 100644
--- a/src/game/Spell.cpp
+++ b/src/game/Spell.cpp
@@ -170,7 +170,7 @@ bool SpellCastTargets::read ( WorldPacket * data, Unit *caster )
         if(!readGUID(*data, m_unitTargetGUID))
             return false;
 
-    if( m_targetMask & ( TARGET_FLAG_OBJECT | TARGET_FLAG_OBJECT_UNK ))
+    if( m_targetMask & ( TARGET_FLAG_OBJECT ))
         if(!readGUID(*data, m_GOTargetGUID))
             return false;
 
@@ -178,6 +178,10 @@ bool SpellCastTargets::read ( WorldPacket * data, Unit *caster )
         if(!readGUID(*data, m_itemTargetGUID))
             return false;
 
+    if( m_targetMask & (TARGET_FLAG_CORPSE | TARGET_FLAG_PVP_CORPSE ) )
+        if(!readGUID(*data, m_CorpseTargetGUID))
+            return false;
+
     if( m_targetMask & TARGET_FLAG_SOURCE_LOCATION )
     {
         if(data->rpos()+4+4+4 > data->size())
@@ -190,7 +194,10 @@ bool SpellCastTargets::read ( WorldPacket * data, Unit *caster )
 
     if( m_targetMask & TARGET_FLAG_DEST_LOCATION )
     {
-        if(data->rpos()+4+4+4 > data->size())
+        if(data->rpos()+1+4+4+4 > data->size())
+            return false;
+
+        if(!readGUID(*data, m_unitTargetGUID))
             return false;
 
         *data >> m_destX >> m_destY >> m_destZ;
@@ -206,10 +213,6 @@ bool SpellCastTargets::read ( WorldPacket * data, Unit *caster )
         *data >> m_strTarget;
     }
 
-    if( m_targetMask & (TARGET_FLAG_CORPSE | TARGET_FLAG_PVP_CORPSE ) )
-        if(!readGUID(*data, m_CorpseTargetGUID))
-            return false;
-
     // find real units/GOs
     Update(caster);
     return true;
@@ -219,7 +222,7 @@ void SpellCastTargets::write ( WorldPacket * data )
 {
     *data << uint32(m_targetMask);
 
-    if( m_targetMask & ( TARGET_FLAG_UNIT | TARGET_FLAG_PVP_CORPSE | TARGET_FLAG_OBJECT | TARGET_FLAG_OBJECT_UNK | TARGET_FLAG_CORPSE | TARGET_FLAG_UNK2 ) )
+    if( m_targetMask & ( TARGET_FLAG_UNIT | TARGET_FLAG_PVP_CORPSE | TARGET_FLAG_OBJECT | TARGET_FLAG_CORPSE | TARGET_FLAG_UNK2 ) )
     {
         if(m_targetMask & TARGET_FLAG_UNIT)
         {
@@ -228,7 +231,7 @@ void SpellCastTargets::write ( WorldPacket * data )
             else
                 *data << uint8(0);
         }
-        else if( m_targetMask & ( TARGET_FLAG_OBJECT | TARGET_FLAG_OBJECT_UNK ) )
+        else if( m_targetMask & TARGET_FLAG_OBJECT )
         {
             if(m_GOTarget)
                 data->append(m_GOTarget->GetPackGUID());
@@ -253,7 +256,14 @@ void SpellCastTargets::write ( WorldPacket * data )
         *data << m_srcX << m_srcY << m_srcZ;
 
     if( m_targetMask & TARGET_FLAG_DEST_LOCATION )
+    {
+        if(m_unitTarget)
+            data->append(m_unitTarget->GetPackGUID());
+        else
+            *data << uint8(0);
+
         *data << m_destX << m_destY << m_destZ;
+    }
 
     if( m_targetMask & TARGET_FLAG_STRING )
         *data << m_strTarget;