GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-09 15:53:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST380011A rev.3.04
Running: gvpn52wr.exe; Driver: C:\DOCUME~1\MATEUS~1\LOCALS~1\Temp\pwtoypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB6FD1F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB6FD1FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB6FD2080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB6FD211C]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF66A7380, 0x8D6CD5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Bonjour\mDNSResponder.exe[128] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007F6390 .text C:\Program Files\Bonjour\mDNSResponder.exe[128] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007F6640 .text C:\Program Files\Bonjour\mDNSResponder.exe[128] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007F53D0 .text C:\Program Files\Bonjour\mDNSResponder.exe[128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007F5300 .text C:\Program Files\Bonjour\mDNSResponder.exe[128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007F11C0 .text C:\Program Files\Bonjour\mDNSResponder.exe[128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007F1290 .text C:\Program Files\Bonjour\mDNSResponder.exe[128] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 007F2570 .text C:\Program Files\Bonjour\mDNSResponder.exe[128] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 007F1000 .text C:\Program
Files\Bonjour\mDNSResponder.exe[128] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 007F10A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[128] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 007F2510 .text C:\Program Files\Bonjour\mDNSResponder.exe[128] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 007F1D10 .text C:\Program Files\Bonjour\mDNSResponder.exe[128] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 007F20A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[128] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 007F23A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[128] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 007F2160 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DD6390 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00DD6640 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00DD53D0 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00DD5300 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DD11C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DD1290 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00DD2570 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00DD1000 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00DD10A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00DD2510 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00DD1D10 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00DD20A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] WININET.dll!InternetWriteFile 771F8E17 5 
Bytes JMP 00DD23A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[224] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00DD2160 .text C:\WINDOWS\system32\nvsvc32.exe[244] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01326390 .text C:\WINDOWS\system32\nvsvc32.exe[244] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01326640 .text C:\WINDOWS\system32\nvsvc32.exe[244] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013253D0 .text C:\WINDOWS\system32\nvsvc32.exe[244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01325300 .text C:\WINDOWS\system32\nvsvc32.exe[244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013211C0 .text C:\WINDOWS\system32\nvsvc32.exe[244] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01321290 .text C:\WINDOWS\system32\nvsvc32.exe[244] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01322570 .text C:\WINDOWS\system32\nvsvc32.exe[244] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01321000 .text C:\WINDOWS\system32\nvsvc32.exe[244] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 013210A0 .text C:\WINDOWS\system32\nvsvc32.exe[244] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01322510 .text C:\WINDOWS\system32\nvsvc32.exe[244] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01321D10 .text C:\WINDOWS\system32\nvsvc32.exe[244] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 013220A0 .text C:\WINDOWS\system32\nvsvc32.exe[244] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 013223A0 .text C:\WINDOWS\system32\nvsvc32.exe[244] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 01322160 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D46390 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D46640 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D453D0 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D45300 .text C:\Program 
Files\Razer\Copperhead\razerofa.exe[260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D411C0 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D41290 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D42570 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D41000 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D410A0 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D42510 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00D41D10 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00D420A0 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00D423A0 .text C:\Program Files\Razer\Copperhead\razerofa.exe[260] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00D42160 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00161290 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00162570 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00161000 .text C:\Program 
Files\AVG\AVG2012\avgemcx.exe[268] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001610A0 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00162510 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001620A0 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001623A0 .text C:\Program Files\AVG\AVG2012\avgemcx.exe[268] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00162160 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 010A6390 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 010A6640 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 010A53D0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010A5300 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010A11C0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010A1290 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 010A2570 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 010A1000 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 010A10A0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 010A2510 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] 
WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 010A1D10 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 010A20A0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 010A23A0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[592] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 010A2160 .text C:\WINDOWS\system32\csrss.exe[668] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01566390 .text C:\WINDOWS\system32\csrss.exe[668] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01566640 .text C:\WINDOWS\system32\csrss.exe[668] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 015653D0 .text C:\WINDOWS\system32\csrss.exe[668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01565300 .text C:\WINDOWS\system32\csrss.exe[668] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 015611C0 .text C:\WINDOWS\system32\csrss.exe[668] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 01561290 .text C:\WINDOWS\system32\csrss.exe[668] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 01562570 .text C:\WINDOWS\system32\csrss.exe[668] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01561000 .text C:\WINDOWS\system32\csrss.exe[668] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 015610A0 .text C:\WINDOWS\system32\csrss.exe[668] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01562510 .text C:\WINDOWS\system32\csrss.exe[668] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01561D10 .text C:\WINDOWS\system32\csrss.exe[668] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 015620A0 .text C:\WINDOWS\system32\csrss.exe[668] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 015623A0 .text C:\WINDOWS\system32\csrss.exe[668] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 01562160 .text C:\WINDOWS\system32\winlogon.exe[692] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01A26390 .text C:\WINDOWS\system32\winlogon.exe[692] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 
Bytes JMP 01A26640 .text C:\WINDOWS\system32\winlogon.exe[692] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01A253D0 .text C:\WINDOWS\system32\winlogon.exe[692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01A25300 .text C:\WINDOWS\system32\winlogon.exe[692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A211C0 .text C:\WINDOWS\system32\winlogon.exe[692] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01A21290 .text C:\WINDOWS\system32\winlogon.exe[692] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01A22570 .text C:\WINDOWS\system32\winlogon.exe[692] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01A21000 .text C:\WINDOWS\system32\winlogon.exe[692] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01A210A0 .text C:\WINDOWS\system32\winlogon.exe[692] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01A22510 .text C:\WINDOWS\system32\winlogon.exe[692] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01A21D10 .text C:\WINDOWS\system32\winlogon.exe[692] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 01A220A0 .text C:\WINDOWS\system32\winlogon.exe[692] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 01A223A0 .text C:\WINDOWS\system32\winlogon.exe[692] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 01A22160 .text C:\WINDOWS\system32\RunDLL32.exe[712] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 013F6390 .text C:\WINDOWS\system32\RunDLL32.exe[712] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 013F6640 .text C:\WINDOWS\system32\RunDLL32.exe[712] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013F53D0 .text C:\WINDOWS\system32\RunDLL32.exe[712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013F5300 .text C:\WINDOWS\system32\RunDLL32.exe[712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013F11C0 .text C:\WINDOWS\system32\RunDLL32.exe[712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 013F1290 .text C:\WINDOWS\system32\RunDLL32.exe[712] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 013F2570 .text C:\WINDOWS\system32\RunDLL32.exe[712] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 
013F1000 .text C:\WINDOWS\system32\RunDLL32.exe[712] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 013F10A0 .text C:\WINDOWS\system32\RunDLL32.exe[712] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 013F2510 .text C:\WINDOWS\system32\RunDLL32.exe[712] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 013F1D10 .text C:\WINDOWS\system32\RunDLL32.exe[712] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 013F20A0 .text C:\WINDOWS\system32\RunDLL32.exe[712] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 013F23A0 .text C:\WINDOWS\system32\RunDLL32.exe[712] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 013F2160 .text C:\WINDOWS\system32\services.exe[736] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01166390 .text C:\WINDOWS\system32\services.exe[736] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01166640 .text C:\WINDOWS\system32\services.exe[736] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 011653D0 .text C:\WINDOWS\system32\services.exe[736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01165300 .text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011611C0 .text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01161290 .text C:\WINDOWS\system32\services.exe[736] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01162570 .text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01161000 .text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 011610A0 .text C:\WINDOWS\system32\services.exe[736] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01162510 .text C:\WINDOWS\system32\services.exe[736] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01161D10 .text C:\WINDOWS\system32\services.exe[736] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 011620A0 .text C:\WINDOWS\system32\services.exe[736] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 011623A0 .text C:\WINDOWS\system32\services.exe[736] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 
01162160 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C06390 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C06640 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C053D0 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C05300 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C011C0 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C01290 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C02570 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C01000 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C010A0 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C02510 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00C01D10 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00C020A0 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00C023A0 .text C:\Program Files\Razer\Copperhead\razerhid.exe[864] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00C02160 .text C:\WINDOWS\Mixer.exe[884] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02306390 .text C:\WINDOWS\Mixer.exe[884] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02306640 .text C:\WINDOWS\Mixer.exe[884] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 023053D0 .text C:\WINDOWS\Mixer.exe[884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02305300 .text C:\WINDOWS\Mixer.exe[884] 
kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 023011C0 .text C:\WINDOWS\Mixer.exe[884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02301290 .text C:\WINDOWS\Mixer.exe[884] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02302570 .text C:\WINDOWS\Mixer.exe[884] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02301000 .text C:\WINDOWS\Mixer.exe[884] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 023010A0 .text C:\WINDOWS\Mixer.exe[884] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02302510 .text C:\WINDOWS\Mixer.exe[884] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 02301D10 .text C:\WINDOWS\Mixer.exe[884] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 023020A0 .text C:\WINDOWS\Mixer.exe[884] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 023023A0 .text C:\WINDOWS\Mixer.exe[884] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 02302160 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009F6390 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009F6640 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009F53D0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009F5300 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009F11C0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009F1290 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009F2570 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009F1000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009F10A0 .text C:\Program Files\Common 
Files\Java\Java Update\jusched.exe[888] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009F2510 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 009F20A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 009F23A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 009F2160 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[888] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 009F1D10 .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02416390 .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02416640 .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 024153D0 .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02415300 .text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024111C0 .text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02411290 .text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02412570 .text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02411000 .text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 024110A0 .text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02412510 .text C:\WINDOWS\system32\svchost.exe[920] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 02411D10 .text C:\WINDOWS\system32\svchost.exe[920] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 024120A0 .text C:\WINDOWS\system32\svchost.exe[920] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 024123A0 .text C:\WINDOWS\system32\svchost.exe[920] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 02412160 .text 
C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CC6390 .text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CC6640 .text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CC53D0 .text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CC5300 .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC11C0 .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CC1290 .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00CC2570 .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00CC1000 .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00CC10A0 .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00CC2510 .text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00CC1D10 .text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00CC20A0 .text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00CC23A0 .text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00CC2160 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02576390 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02576640 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 025753D0 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02575300 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025711C0 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] 
kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02571290 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02572570 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02571000 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 025710A0 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02572510 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 02571D10 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 025720A0 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 025723A0 .text C:\Program Files\iTunes\iTunesHelper.exe[1036] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 02572160 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 030A6390 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 030A6640 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 030A53D0 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 030A5300 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 030A11C0 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 030A1290 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 030A2570 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 030A1000 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] kernel32.dll!CopyFileW 7C82F87B 5 Bytes 
JMP 030A10A0 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 030A2510 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 030A1D10 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 030A20A0 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 030A23A0 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1052] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 030A2160 .text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03966390 .text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 03966640 .text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 039653D0 .text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 03965300 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 039611C0 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03961290 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 03962570 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 03961000 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 039610A0 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 03962510 .text C:\WINDOWS\System32\svchost.exe[1092] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 03961D10 .text C:\WINDOWS\System32\svchost.exe[1092] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 039620A0 .text 
C:\WINDOWS\System32\svchost.exe[1092] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 039623A0 .text C:\WINDOWS\System32\svchost.exe[1092] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 03962160 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AE6390 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AE6640 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00AE53D0 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00AE5300 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AE11C0 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AE1290 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00AE2570 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00AE1000 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00AE10A0 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00AE2510 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00AE1D10 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00AE20A0 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00AE23A0 .text C:\Program Files\Razer\Copperhead\razertra.exe[1152] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00AE2160 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00696390 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] 
ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00696640 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 006953D0 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00695300 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006911C0 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00691290 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00692570 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00691000 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 006910A0 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00692510 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00691D10 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 006920A0 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 006923A0 .text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1172] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00692160 .text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00936390 .text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00936640 .text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009353D0 .text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00935300 .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009311C0 .text C:\WINDOWS\system32\svchost.exe[1308] 
kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00931290 .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00932570 .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00931000 .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009310A0 .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00932510 .text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00931D10 .text C:\WINDOWS\system32\svchost.exe[1308] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 009320A0 .text C:\WINDOWS\system32\svchost.exe[1308] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 009323A0 .text C:\WINDOWS\system32\svchost.exe[1308] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00932160 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DC6390 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00DC6640 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00DC53D0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00DC5300 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DC11C0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DC1290 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00DC2570 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00DC1000 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00DC10A0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00DC2510 .text 
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00DC1D10 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00DC20A0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00DC23A0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[1332] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00DC2160 .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C76390 .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C76640 .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C753D0 .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C75300 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C711C0 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C71290 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C72570 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C71000 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C710A0 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C72510 .text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00C71D10 .text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00C720A0 .text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00C723A0 .text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00C72160 .text C:\WINDOWS\system32\spoolsv.exe[1516] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E56390 .text 
C:\WINDOWS\system32\spoolsv.exe[1516] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E56640 .text C:\WINDOWS\system32\spoolsv.exe[1516] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E553D0 .text C:\WINDOWS\system32\spoolsv.exe[1516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E55300 .text C:\WINDOWS\system32\spoolsv.exe[1516] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E511C0 .text C:\WINDOWS\system32\spoolsv.exe[1516] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E51290 .text C:\WINDOWS\system32\spoolsv.exe[1516] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E52570 .text C:\WINDOWS\system32\spoolsv.exe[1516] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E51000 .text C:\WINDOWS\system32\spoolsv.exe[1516] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E510A0 .text C:\WINDOWS\system32\spoolsv.exe[1516] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E52510 .text C:\WINDOWS\system32\spoolsv.exe[1516] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00E51D10 .text C:\WINDOWS\system32\spoolsv.exe[1516] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00E520A0 .text C:\WINDOWS\system32\spoolsv.exe[1516] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00E523A0 .text C:\WINDOWS\system32\spoolsv.exe[1516] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00E52160 .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C46390 .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C46640 .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C453D0 .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C45300 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C411C0 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C41290 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C42570 .text 
C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C41000 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C410A0 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C42510 .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00C41D10 .text C:\WINDOWS\system32\svchost.exe[1568] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00C420A0 .text C:\WINDOWS\system32\svchost.exe[1568] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00C423A0 .text C:\WINDOWS\system32\svchost.exe[1568] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00C42160 .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A46390 .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A46640 .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A453D0 .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A45300 .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A411C0 .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A41290 .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A42570 .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A41000 .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A410A0 .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A42510 .text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00A420A0 .text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00A423A0 .text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00A42160 .text 
C:\WINDOWS\system32\svchost.exe[1676] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00A41D10 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E46390 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E46640 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E453D0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E45300 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E411C0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E41290 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E42570 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E41000 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E410A0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E42510 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00E41D10 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00E420A0 .text C:\Program Files\Common Files\Apple\Mobile Device 
Support\AppleMobileDeviceService.exe[1708] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00E423A0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00E42160 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00196390 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local 
Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00196640 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001953D0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text 
C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00195300 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00191D10 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001920A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001923A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00192160 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BF6390 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00BF6640 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00BF53D0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BF5300 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF11C0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF1290 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] 
kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00BF2570 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00BF1000 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00BF10A0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00BF2510 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00BF1D10 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00BF20A0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00BF23A0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1744] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00BF2160 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 027E6390 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 027E6640 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 027E53D0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 027E5300 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 027E11C0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 027E1290 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 027E2570 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 027E1000 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 027E10A0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 027E2510 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] 
WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 027E1D10 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 027E20A0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 027E23A0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[1828] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 027E2160 .text C:\WINDOWS\Explorer.EXE[1888] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01276390 .text C:\WINDOWS\Explorer.EXE[1888] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01276640 .text C:\WINDOWS\Explorer.EXE[1888] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 012753D0 .text C:\WINDOWS\Explorer.EXE[1888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01275300 .text C:\WINDOWS\Explorer.EXE[1888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012711C0 .text C:\WINDOWS\Explorer.EXE[1888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01271290 .text C:\WINDOWS\Explorer.EXE[1888] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01272570 .text C:\WINDOWS\Explorer.EXE[1888] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01271000 .text C:\WINDOWS\Explorer.EXE[1888] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 012710A0 .text C:\WINDOWS\Explorer.EXE[1888] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01272510 .text C:\WINDOWS\Explorer.EXE[1888] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 012720A0 .text C:\WINDOWS\Explorer.EXE[1888] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 012723A0 .text C:\WINDOWS\Explorer.EXE[1888] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 01272160 .text C:\WINDOWS\Explorer.EXE[1888] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01271D10 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01A86390 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01A86640 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] 
ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01A853D0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01A85300 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A811C0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01A81290 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01A82570 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01A81000 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01A810A0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01A82510 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01A81D10 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] WININET.dll!HttpSendRequestA 771C60C1 3 Bytes JMP 01A820A0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] WININET.dll!HttpSendRequestA + 4 771C60C5 1 Byte [8A] .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 01A823A0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1956] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 01A82160 .text C:\Program Files\iPod\bin\iPodService.exe[2136] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B76390 .text C:\Program Files\iPod\bin\iPodService.exe[2136] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B76640 .text C:\Program Files\iPod\bin\iPodService.exe[2136] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B753D0 .text C:\Program Files\iPod\bin\iPodService.exe[2136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B75300 .text C:\Program Files\iPod\bin\iPodService.exe[2136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B711C0 .text C:\Program 
Files\iPod\bin\iPodService.exe[2136] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B71290 .text C:\Program Files\iPod\bin\iPodService.exe[2136] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B72570 .text C:\Program Files\iPod\bin\iPodService.exe[2136] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B71000 .text C:\Program Files\iPod\bin\iPodService.exe[2136] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B710A0 .text C:\Program Files\iPod\bin\iPodService.exe[2136] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B72510 .text C:\Program Files\iPod\bin\iPodService.exe[2136] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00B71D10 .text C:\Program Files\iPod\bin\iPodService.exe[2136] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00B720A0 .text C:\Program Files\iPod\bin\iPodService.exe[2136] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00B723A0 .text C:\Program Files\iPod\bin\iPodService.exe[2136] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00B72160 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00196390 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00196640 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001953D0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and 
Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00195300 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00191D10 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001920A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001923A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00192160 .text 
C:\WINDOWS\system32\taskmgr.exe[2184] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000B6390 .text C:\WINDOWS\system32\taskmgr.exe[2184] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000B6640 .text C:\WINDOWS\system32\taskmgr.exe[2184] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000B53D0 .text C:\WINDOWS\system32\taskmgr.exe[2184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000B5300 .text C:\WINDOWS\system32\taskmgr.exe[2184] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000B11C0 .text C:\WINDOWS\system32\taskmgr.exe[2184] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 000B1290 .text C:\WINDOWS\system32\taskmgr.exe[2184] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 000B2570 .text C:\WINDOWS\system32\taskmgr.exe[2184] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 000B1000 .text C:\WINDOWS\system32\taskmgr.exe[2184] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 000B10A0 .text C:\WINDOWS\system32\taskmgr.exe[2184] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 000B2510 .text C:\WINDOWS\system32\taskmgr.exe[2184] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 000B1D10 .text C:\WINDOWS\system32\taskmgr.exe[2184] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 000B20A0 .text C:\WINDOWS\system32\taskmgr.exe[2184] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 000B23A0 .text C:\WINDOWS\system32\taskmgr.exe[2184] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 000B2160 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Mateusz Borowiak\Local 
Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00162160 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00161290 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00162570 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00161000 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001610A0 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00162510 .text C:\Program 
Files\AVG\AVG2012\AVGIDSAgent.exe[2564] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001620A0 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001623A0 .text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2564] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00162160 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00161290 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00162570 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00161000 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001610A0 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00162510 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001620A0 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001623A0 .text C:\Program Files\AVG\AVG2012\avgnsx.exe[2584] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00162160 .text C:\WINDOWS\System32\alg.exe[2608] 
ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AF6390 .text C:\WINDOWS\System32\alg.exe[2608] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AF6640 .text C:\WINDOWS\System32\alg.exe[2608] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00AF53D0 .text C:\WINDOWS\System32\alg.exe[2608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00AF5300 .text C:\WINDOWS\System32\alg.exe[2608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AF11C0 .text C:\WINDOWS\System32\alg.exe[2608] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AF1290 .text C:\WINDOWS\System32\alg.exe[2608] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00AF2570 .text C:\WINDOWS\System32\alg.exe[2608] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00AF1000 .text C:\WINDOWS\System32\alg.exe[2608] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00AF10A0 .text C:\WINDOWS\System32\alg.exe[2608] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00AF2510 .text C:\WINDOWS\System32\alg.exe[2608] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00AF1D10 .text C:\WINDOWS\System32\alg.exe[2608] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 00AF20A0 .text C:\WINDOWS\System32\alg.exe[2608] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 00AF23A0 .text C:\WINDOWS\System32\alg.exe[2608] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00AF2160 .text C:\WINDOWS\notepad.exe[2704] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000B6390 .text C:\WINDOWS\notepad.exe[2704] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000B6640 .text C:\WINDOWS\notepad.exe[2704] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000B53D0 .text C:\WINDOWS\notepad.exe[2704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000B5300 .text C:\WINDOWS\notepad.exe[2704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000B11C0 .text C:\WINDOWS\notepad.exe[2704] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 000B1290 .text C:\WINDOWS\notepad.exe[2704] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 000B2570 .text C:\WINDOWS\notepad.exe[2704] kernel32.dll!CopyFileA 
7C8286EE 5 Bytes JMP 000B1000 .text C:\WINDOWS\notepad.exe[2704] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 000B10A0 .text C:\WINDOWS\notepad.exe[2704] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 000B2510 .text C:\WINDOWS\notepad.exe[2704] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 000B1D10 .text C:\WINDOWS\notepad.exe[2704] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 000B20A0 .text C:\WINDOWS\notepad.exe[2704] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 000B23A0 .text C:\WINDOWS\notepad.exe[2704] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 000B2160 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00161290 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00162570 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00161000 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001610A0 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00162510 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001620A0 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2868] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001623A0 .text 
C:\Program Files\AVG\AVG2012\avgtray.exe[2868] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00162160 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00196390 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Mateusz 
Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00196640 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001953D0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 
16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00195300 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00191D10 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001920A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001923A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00192160 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2988] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text 
C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2988] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2988] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2988] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00162160 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text 
C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] 
.text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3256] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3256] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3256] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3256] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00162160 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00196390 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local 
Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00196640 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and 
Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001953D0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00195300 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00191D10 
.text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001920A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001923A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00192160 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00196390 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text 
C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 
7B90EC8B .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00196640 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001953D0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] 
ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00195300 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00191D10 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001920A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001923A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00192160 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Program 
Files\AVG\AVG2012\avgwdsvc.exe[3452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00161290 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00162570 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00161000 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001610A0 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00162510 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001620A0 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001623A0 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3452] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00162160 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00196390 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text 
C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents 
and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00196640 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001953D0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationFile + 6 
7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00195300 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00191D10 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001920A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001923A0 .text C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] 
WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00192160 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00161290 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00162570 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00161000 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001610A0 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00162510 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] WININET.dll!HttpSendRequestA 771C60C1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] WININET.dll!InternetWriteFile 771F8E17 5 Bytes JMP 001623A0 .text C:\Documents and 
Settings\Mateusz Borowiak\My Documents\Downloads\gvpn52wr.exe[3892] WININET.dll!HttpSendRequestW 77213244 5 Bytes JMP 00162160

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1724] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00330010
IAT C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2168] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00330010
IAT C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2968] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00330010
IAT C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
IAT C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3372] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00330010
IAT C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00330010
IAT C:\Documents and Settings\Mateusz Borowiak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3644] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00330010

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Vwdadv C:\Documents and Settings\Mateusz Borowiak\Application Data\Vwdadv.exe
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Mateusz Borowiak\Application Data\Vwdadv.exe

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Mateusz Borowiak\Application Data\Vwdadv.exe.rmv 391800 bytes executable

---- EOF - GMER 1.0.15 ----