
Browser is VERY slow


  • This topic is locked
11 replies to this topic

#1 jaybilly

jaybilly

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:42 AM

Posted 27 December 2008 - 01:42 PM

Thanks to all who support this website!

Problem:
- My browser is very slow. The time from double-clicking on our "Comcast" icon to getting the home page is very long. The time from going from one website to another is also long.

Comments:
- I have cable access internet. When I first got the access, the browser was much faster.
- I run Windows XP
- I now follow the internet security precautions - use McAfee from Comcast for firewall & antivirus, have the computer set for "automatic updates" from Windows and McAfee. I also run Spybot & AVG - downloading updates & scanning every couple weeks.
- HOWEVER, up until a year ago I wasn't following these precautions, and realized I may have allowed spyware onto my computer.
- When I first started running Spybot about a year ago, the scans got stalled on "Coolwebsearch". I tried the procedures to remove it, but didn't have any luck. But now when I run the scans I don't get the Coolwebsearch item. I don't understand why it doesn't show up anymore, when the procedures didn't seem to remove it.
- Start up time for the computer (time from when the power is on until the time I can use the desktop) is good. It takes less time to start up the computer than for the browser to get to our Comcast home page.
- I followed the Preparation Guide on this site prior to posting this - including the "Not all slow computers are caused by Malware" step. I didn't notice a big difference in these items.


DDS report:


DDS (Version 1.1.0) - NTFSx86
Run by Bill at 22:22:53.35 on Fri 12/26/2008
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.153 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\quickenw\QWDLLS.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winmine.exe
C:\Documents and Settings\Bill\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uWindow Title = Microsoft Internet Explorer provided by Comcast
uSearch Bar = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=3c01&lc=0409
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: BndShell3 BHO Class: {8aba9a9c-8791-4d61-8d5b-bcc9448ea573} - c:\program files\ism\BndDrive7.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ISMModule8] "c:\program files\ism\ISMModule8.exe"
mRun: [CPQEASYACC] c:\program files\compaq\easy access button support\StartEAK.exe
mRun: [WCOLOREAL] "c:\program files\compaq\coloreal\coloreal.exe"
mRun: [srmclean] c:\cpqs\scom\srmclean.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [AHQInit] c:\program files\creative\sblive\program\AHQInit.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [<NO NAME>]
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [nwiz] nwiz.exe /install
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\program files\quickenw\BILLMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\itsded~1.lnk - c:\program files\itsdeductible\ItsDeductible.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quickenw\QWDLLS.EXE
uPolicies-explorer: <NO NAME> =
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: NVDESK32.DLL
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

============= SERVICES / DRIVERS ===============

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2008-1-29 10872]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-9-14 201320]
R2 aawservice;Ad-Aware 2007 Service;"c:\program files\lavasoft\ad-aware 2007\aawservice.exe" [2007-10-29 587096]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-9-14 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-9-14 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-9-14 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-9-14 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-9-14 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-9-14 33832]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-9-14 40488]
S1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS []
S3 Gcr432;Gcr432;c:\windows\system32\drivers\gcr432.sys [2001-5-10 89371]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys []

=============== Created Last 30 ================

2008-12-09 07:39 <DIR> --d----- c:\windows\system32\IOSUBSYS
2008-12-07 13:48 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-07 13:48 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-07 06:14 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2008-12-06 15:06 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-06 15:06 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-06 15:06 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2008-12-06 15:06 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
2008-12-06 15:06 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
2008-12-06 15:06 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2008-12-06 15:06 28,288 a------- c:\windows\system32\dllcache\xjis.nls
2008-12-06 15:06 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2008-12-06 15:06 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2008-12-06 15:04 12,415 a------- c:\windows\system32\dllcache\wadv01nt.sys
2008-12-06 15:03 4,992 a------- c:\windows\system32\dllcache\toside.sys
2008-12-06 15:02 58,368 a------- c:\windows\system32\dllcache\smiminib.sys
2008-12-06 15:01 11,520 a------- c:\windows\system32\dllcache\scsiscan.sys
2008-12-06 15:00 45,312 a------- c:\windows\system32\dllcache\ql12160.sys
2008-12-06 14:59 25,088 a------- c:\windows\system32\dllcache\ovca.sys
2008-12-06 14:58 12,416 a------- c:\windows\system32\dllcache\msriffwv.sys
2008-12-06 14:57 4,992 a------- c:\windows\system32\dllcache\loop.sys
2008-12-06 14:56 26,624 a------- c:\windows\system32\dllcache\irstusb.sys
2008-12-06 14:55 10,096,640 a------- c:\windows\system32\dllcache\hwxcht.dll
2008-12-06 14:54 92,160 a------- c:\windows\system32\dllcache\fuusd.dll
2008-12-06 14:53 69,194 a------- c:\windows\system32\dllcache\el656cd5.sys
2008-12-06 14:52 86,016 a------- c:\windows\system32\dllcache\dc240usd.dll
2008-12-06 14:51 980,034 a------- c:\windows\system32\dllcache\cicap.sys
2008-12-06 14:50 66,082 a------- c:\windows\system32\dllcache\c_20924.nls
2008-12-06 14:49 15,360 a------- c:\windows\system32\dllcache\brmfbidi.dll
2008-12-06 14:48 14,848 a------- c:\windows\system32\dllcache\asc3550.sys
2008-12-06 14:47 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2008-11-30 09:20 936 a------- c:\windows\Mpcwty01.ini

==================== Find3M ====================

2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-25 07:19 538,480 a------- C:\autorunsc.exe
2008-11-25 07:19 644,976 a------- C:\autoruns.exe
2008-11-25 07:18 575,466 a------- c:\documents and settings\bill\Autoruns.zip
2008-11-17 15:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-10-24 06:21 455,296 a------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 a------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-01-29 23:44 14,113,576 a------- c:\documents and settings\bill\avgas-setup-7.5.1.43-3339.exe
2008-01-14 21:44 21,216,112 a------- c:\documents and settings\bill\aaw2007.exe
2008-01-14 21:01 532,480 a------- c:\documents and settings\bill\cwshredder.exe
2008-01-03 20:21 52,461 a------- c:\documents and settings\bill\delcwssk.zip
2008-01-03 20:20 52,461 a------- c:\program files\delcwssk.zip
2008-01-02 20:55 532,480 a------- c:\program files\cwshredder.exe
2006-04-14 19:19 78,232 a------- c:\docume~1\bill\applic~1\GDIPFONTCACHEV1.DAT
2005-12-17 09:55 4,126,240 a------- c:\program files\picasa2-current.exe
2005-12-03 11:33 70,635 a------- c:\program files\amexaug05.pdf
2005-12-02 15:31 11,817,800 a------- c:\program files\GoogleEarth.exe
2005-09-05 13:33 2,149,327 a------- c:\program files\SudokuSetup.exe
2008-08-26 20:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat

============= FINISH: 22:24:48.31 ===============



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:11:42 AM

Posted 07 January 2009 - 01:42 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

This may seem repetitive, but we need to see the current status of your system, please.
Please hold on; it may take us a day or so to get back with you.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 jaybilly

jaybilly
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:42 AM

Posted 10 January 2009 - 10:08 PM

Thanks for the reply!

Here's the DDS file. I've also attached the other file.


DDS (Ver_09-01-07.01) - NTFSx86
Run by Bill at 21:58:06.25 on Sat 01/10/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.149 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\quickenw\QWDLLS.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Bill\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uWindow Title = Microsoft Internet Explorer provided by Comcast
uSearch Bar = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=3c01&lc=0409
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: BndShell3 BHO Class: {8aba9a9c-8791-4d61-8d5b-bcc9448ea573} - c:\program files\ism\BndDrive7.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {12DA1BC4-5384-42fd-A119-3C99D2D146A2} - No File
EB: Internet Speed Monitor: {1ed6a320-8af3-4f06-868a-9ba95585712e} - c:\program files\ism\BndDrive7.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ISMModule8] "c:\program files\ism\ISMModule8.exe"
mRun: [CPQEASYACC] c:\program files\compaq\easy access button support\StartEAK.exe
mRun: [WCOLOREAL] "c:\program files\compaq\coloreal\coloreal.exe"
mRun: [srmclean] c:\cpqs\scom\srmclean.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [AHQInit] c:\program files\creative\sblive\program\AHQInit.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [<NO NAME>]
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [nwiz] nwiz.exe /install
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\program files\quickenw\BILLMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\itsded~1.lnk - c:\program files\itsdeductible\ItsDeductible.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quickenw\QWDLLS.EXE
uPolicies-explorer: <NO NAME> =
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: NVDESK32.DLL

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-9-14 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-9-14 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-9-14 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-9-14 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-9-14 40488]
R4 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-9-14 359248]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-9-14 144704]
S1 EACMOS;EACMOS;c:\windows\system32\drivers\eacmos.sys --> c:\windows\system32\drivers\EACMOS.SYS [?]
S3 Gcr432;Gcr432;c:\windows\system32\drivers\Gcr432.sys [2001-5-10 89371]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-9-14 33832]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2009-01-10 08:53 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-10 08:53 1,409 a------- c:\windows\QTFont.for
2008-12-31 20:49 <DIR> --d----- c:\docume~1\bill\applic~1\Grisoft

==================== Find3M ====================

2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-07 13:48 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-07 06:14 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2008-11-25 07:19 538,480 a------- C:\autorunsc.exe
2008-11-25 07:19 644,976 a------- C:\autoruns.exe
2008-11-25 07:18 575,466 a------- c:\documents and settings\bill\Autoruns.zip
2008-11-17 15:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-10-24 06:21 455,296 a------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 a------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-01-29 23:44 14,113,576 a------- c:\documents and settings\bill\avgas-setup-7.5.1.43-3339.exe
2008-01-14 21:44 21,216,112 a------- c:\documents and settings\bill\aaw2007.exe
2008-01-14 21:01 532,480 a------- c:\documents and settings\bill\cwshredder.exe
2008-01-03 20:21 52,461 a------- c:\documents and settings\bill\delcwssk.zip
2008-01-03 20:20 52,461 a------- c:\program files\delcwssk.zip
2008-01-02 20:55 532,480 a------- c:\program files\cwshredder.exe
2006-04-14 19:19 78,232 a------- c:\docume~1\bill\applic~1\GDIPFONTCACHEV1.DAT
2005-12-17 09:55 4,126,240 a------- c:\program files\picasa2-current.exe
2005-12-03 11:33 70,635 a------- c:\program files\amexaug05.pdf
2005-12-02 15:31 11,817,800 a------- c:\program files\GoogleEarth.exe
2005-09-05 13:33 2,149,327 a------- c:\program files\SudokuSetup.exe
2008-08-26 20:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat

============= FINISH: 21:59:10.40 ===============




#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:42 AM

Posted 11 January 2009 - 10:37 PM

Hello, jaybilly
Hello, Bill. My name is Bill :thumbsup:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 jaybilly

jaybilly
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:42 AM

Posted 12 January 2009 - 10:34 PM

Hi Bill!

Here's the files:

Attached File  OTViewIt.Txt   91.61KB   26 downloads

Attached File  Extras.Txt   38.53KB   23 downloads


Here's the gmer results:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-12 22:34:51
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF5A3A9AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF5A3AA41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF5A3A958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF5A3A96C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF5A3AA55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF5A3AA81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF5A3AAEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF5A3AAD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF5A3A9EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF5A3AB1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF5A3AA2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF5A3A930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF5A3A944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF5A3A9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF5A3AB57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF5A3AAC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF5A3AAAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF5A3AA6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF5A3AB43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF5A3AB2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF5A3A996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF5A3A982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF5A3AA97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF5A3AA19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF5A3AB05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF5A3AA00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF5A3A9D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP F5A3A9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP F5A3AA31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 4 Bytes JMP F5A3AAB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey + 5 8056A1F7 2 Bytes [ 90, 90 ]
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP F5A3A9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP F5A3A986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP F5A3AA45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP F5A3AB5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP F5A3AAF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP F5A3A934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP F5A3A9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP F5A3AA9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP F5A3AA04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP F5A3A9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP F5A3A970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP F5A3AA1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP F5A3A948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP F5A3AB1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP F5A3AADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP F5A3AA85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP F5A3AA59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP F5A3A95C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCF7 5 Bytes JMP F5A3A99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA12 7 Bytes JMP F5A3AB09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E338 7 Bytes JMP F5A3AAC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E7B6 7 Bytes JMP F5A3AA6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064ECA9 5 Bytes JMP F5A3AB33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F112 5 Bytes JMP F5A3AB47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA0FEF
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EA0F5C
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EA0051
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EA0040
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EA0F83
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EA0025
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EA006C
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EA0F30
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EA0EF8
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EA009B
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00EA0EDD
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00EA0F9E
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00EA0FDE
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00EA0F41
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00EA0FB9
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00EA000A
.text C:\Program Files\Messenger\msmsgs.exe[108] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00EA0F13
.text C:\Program Files\Messenger\msmsgs.exe[108] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E80047
.text C:\Program Files\Messenger\msmsgs.exe[108] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E80FB6
.text C:\Program Files\Messenger\msmsgs.exe[108] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E8002C
.text C:\Program Files\Messenger\msmsgs.exe[108] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E8001B
.text C:\Program Files\Messenger\msmsgs.exe[108] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E80073
.text C:\Program Files\Messenger\msmsgs.exe[108] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E80000
.text C:\Program Files\Messenger\msmsgs.exe[108] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E80058
.text C:\Program Files\Messenger\msmsgs.exe[108] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E80FDB
.text C:\Program Files\Messenger\msmsgs.exe[108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60FE5
.text C:\Program Files\Messenger\msmsgs.exe[108] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00E90000
.text C:\Program Files\Messenger\msmsgs.exe[108] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00E90FE5
.text C:\Program Files\Messenger\msmsgs.exe[108] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00E90FCA
.text C:\Program Files\Messenger\msmsgs.exe[108] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00E90FB9
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F5C
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F6D
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F7E
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F9B
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0047
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0076
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F2E
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0EF8
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F13
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00AC
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0FB6
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F4B
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A002C
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0011
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0091
.text C:\WINDOWS\Explorer.EXE[364] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[364] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0029006F
.text C:\WINDOWS\Explorer.EXE[364] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[364] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[364] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290FA8
.text C:\WINDOWS\Explorer.EXE[364] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290FE5
.text C:\WINDOWS\Explorer.EXE[364] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00290054
.text C:\WINDOWS\Explorer.EXE[364] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290FC3
.text C:\WINDOWS\Explorer.EXE[364] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\Explorer.EXE[364] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 002C0FDE
.text C:\WINDOWS\Explorer.EXE[364] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 002C000A
.text C:\WINDOWS\Explorer.EXE[364] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 002C0FB9
.text C:\WINDOWS\Explorer.EXE[364] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0197000A
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00970000
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00970F4F
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00970044
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00970F6A
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00970033
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00970F9B
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0097008D
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0097007C
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009700B9
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00970F2A
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00970F05
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00970022
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00970FE5
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0097005F
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00970011
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00970FCA
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 0097009E
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00960FD4
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00960F72
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00960025
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00960014
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00960F83
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00960FEF
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00960F9E
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ B6, 88 ]
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00960FAF
.text C:\WINDOWS\system32\services.exe[764] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00940FEF
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F50000
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F50098
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F50087
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F50076
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F50FB9
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F50036
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F500C4
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F500B3
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F500F0
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F50F61
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F50F3C
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F50051
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F50FDB
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F50F92
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F50FCA
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F5001B
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F500DF
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F40FDB
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F40062
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F4002C
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F40011
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F40FA5
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F40FC0
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 14, 89 ]
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F40047
.text C:\WINDOWS\system32\lsass.exe[776] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F20000
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00076
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00065
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00054
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00F97
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00FB2
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C000BF
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C000A2
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C000DA
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00F4B
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C00F30
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C0002F
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C00091
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C00FC3
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C00FD4
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C00F5C
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BF0FC0
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BF0062
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BF0047
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00BF0036
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BF0FAF
.text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0000
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0025000A
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002500A9
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0025008E
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250073
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250051
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00250F6B
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00250F88
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002500DF
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00250F46
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00250104
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00250062
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0025001B
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00250F99
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00250FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00250036
.text C:\Program Files\Internet Explorer\iexplore.exe[984] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 002500CE
.text C:\Program Files\Internet Explorer\iexplore.exe[984] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00340FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[984] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00340F57
.text C:\Program Files\Internet Explorer\iexplore.exe[984] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00340FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[984] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00340FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[984] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00340F72
.text C:\Program Files\Internet Explorer\iexplore.exe[984] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00340FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[984] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00340F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[984] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 54, 88 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[984] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00340014
.text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[984] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01A60FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[984] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01A60FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[984] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01A60FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[984] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01A6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[984] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02EB0000
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC009A
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC0089
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC0FAF
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC0062
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0FD4
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC0F63
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC00AB
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC00C6
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC0F37
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CC00E1
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CC0051
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CC0025
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CC0F80
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CC0036
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CC0F48
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CB0FC0
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CB0F83
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CB0011
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CB0FDB
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CB0F94

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

---- EOF - GMER 1.0.14 ----

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:42 AM

Posted 12 January 2009 - 11:21 PM

Hello, jaybilly
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 jaybilly

Posted 14 January 2009 - 08:26 PM

Hi Bill -

Here's the log. I don't know if it makes any difference, but the scan took a while (as you predicted), so last night I left it running while I went to bed. This morning the computer was locked up in shutdown mode, so I just turned it off. This evening I followed the rest of your instructions.

Again, I really appreciate you taking your time to help me. You seem to be responding a lot quicker than I am, so I won't be worried if the response takes a day or two.

Bill


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3763 (20090113)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9f58111e58580a4aba49b2a19a628f7d
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-14 04:59:33
# local_time=2009-01-13 11:59:33 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=390288
# found=0
# scan_time=9714

#8 Billy O'Neal

Posted 14 January 2009 - 09:58 PM

Hello, jaybilly

I really do not think malware is at fault here. Multiple logs and a scanner have already found nothing out of the ordinary.

Please see the "System Still Slow" part below, it may help you run this problem down. But for now,

Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please reopen Posted Image on your desktop.
  • Push the large "Cleanup" button
  • Allow your system to reboot
Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
BillyIII

#9 jaybilly

Posted 16 January 2009 - 05:44 AM

Bill -

I'll follow up as you suggest. One last question. My only problem is that the browser is slow - the time from when I double click on the browser icon to the time I get the welcome page is pretty long (30 seconds). Computer start-up is fast and applications run fine - although none of the applications we run are tough - Microsoft Office, photo management, etc - no games. Having said that, our computer is about 5 years old, and I haven't upgraded RAM in that time.

Our ISP is Comcast (cable), and although the base rate is fast, cable access means you're sharing with your neighbors, and if other people down the block are heavy users it could impact our speed.

Do you think upgrading (or replacing) our computer would help browser speed? I don't know enough about computers to know if upgrading RAM helps internet browsing speed if everything else is OK.

Again, thanks very much!

Bill

Edited by jaybilly, 16 January 2009 - 06:45 AM.


#10 Billy O'Neal

Posted 16 January 2009 - 12:53 PM

Browsers are RAM intensive apps. Adding RAM will definitely help things.

Also, if you're using internet exploder, I'd give this one a shot:
http://www.google.com/chrome
May be a bit faster for you.
Billy3

#11 jaybilly

Posted 16 January 2009 - 10:22 PM

Bill -

I'll give the other browser a try.

Thanks very much! I don't have any other questions.

Bill

#12 Billy O'Neal

Posted 16 January 2009 - 10:27 PM

Hello, jaybilly
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII