
Trojan-phisher-snifula


  • This topic is locked

#16
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
That's just an entry in a part of the user registry, I doubt it's an actual infection, but we'll check

OTL
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    HKU\S-1-5-21-3494594848-3579487786-3683612834-1000\software\microsoft\inetdata

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.
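The OTL output azarl asks for runs to hundreds of lines, and a helper reads it by skimming for a few patterns: binaries whose version information carries no company name, orphaned "File not found" registrations, and policy values that switch off the platform's own protections. As an added example that is not part of this thread and not code from OTL or OldTimer, the script below parses lines in the OTL quick-scan format and ranks them by those rules. The sample lines are copied from the log format shown in this thread; the names `triage`, `triage_line`, `summarize` and `Finding` are this example's own, and the script treats the parenthesised company field as version-information text, not as a signature check, so a "review" hit means "go and verify the file", not "malware".

```python
"""Triage helper for OTL quick-scan output (added example, not OTL code).

OTL prints one entry per line, e.g.

  PRC - [2010/09/26 14:42:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\\...\\OTL.exe
  DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\\...\\nwlnkfwd.sys -- (NwlnkFwd)
  O6 - HKLM\\SOFTWARE\\...\\policies\\System: EnableLUA = 0

The parser below pulls out the fields a reviewer looks at and flags the
entries that deserve a second look.  The company field is whatever OTL
read from the file's version information; it is not a signature check.
"""
import re
from dataclasses import dataclass

# Sample lines in the OTL format shown in this thread (constructed input
# for the example; a real OTL.Txt would be pasted in its place).
SAMPLE_LOG = r"""
PRC - [2010/09/26 14:42:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
PRC - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
SRV:64bit: - [2008/07/03 09:43:44 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - Startup: C:\Users\Annah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O32 - HKLM CDRom: AutoRun - 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
"""

# Process / module / service / driver lines.  The company may itself contain
# parentheses ("Webroot Software, Inc. (www.webroot.com)"), hence the lazy
# match followed by the state block or the " -- " separator.
FILE_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
# O4 autostart lines: the company sits in the final parentheses.
AUTORUN = re.compile(
    r"^O4(?P<arch>:64bit:)? - (?P<location>.+?): (?:\[(?P<label>[^\]]*)\] )?"
    r"(?P<path>.+?) \((?P<company>[^()]*)\)$"
)
POLICY = re.compile(r"^O6 - (?P<key>.+?): (?P<name>\S+) = (?P<value>\S+)$")
CDROM = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$")

# Policy values that weaken the machine's own defences.
WEAK_POLICY = {
    ("EnableLUA", "0"): "UAC is switched off",
    ("DisableCAD", "1"): "Ctrl+Alt+Del requirement at logon is switched off",
}


@dataclass(frozen=True)
class Finding:
    severity: str  # "review": verify the file; "hardening": weak setting; "info": orphan
    reason: str
    line: str


def triage_line(line: str):
    """Return a Finding for one OTL entry, or None when nothing stands out."""
    line = line.strip()
    m = FILE_ENTRY.match(line)
    if m:
        if m["missing"]:
            return Finding("info", f"orphaned {m['kind']} registration, file missing: {m['path']}", line)
        if m["company"] == "":
            return Finding("review", f"{m['kind']} with no company name in version info: {m['path']}", line)
        return None
    m = AUTORUN.match(line)
    if m:
        if m["company"] == "":
            return Finding("review", f"autostart ({m['location']}) with no company name: {m['path']}", line)
        return None
    m = POLICY.match(line)
    if m:
        reason = WEAK_POLICY.get((m["name"], m["value"]))
        return Finding("hardening", reason, line) if reason else None
    m = CDROM.match(line)
    if m and m["value"] != "0":
        return Finding("hardening", "CD-ROM AutoRun is enabled", line)
    if "Reg Error" in line:
        return Finding("info", "registry entry points at a key or file that no longer exists", line)
    return None


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'review': 3, 'info': 2, 'hardening': 3}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.severity:9}] {f.reason}")
    print(summarize(hits))
```

Replace `SAMPLE_LOG` with the text of a saved OTL.Txt to run it over a real scan. The "review" bucket is the one a helper acts on first (hash the file, check its signature and origin); the "hardening" bucket is not evidence of infection but lists settings, such as `EnableLUA = 0`, that are worth turning back on once the machine is clean.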

#17
lunarnomadd

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi Azarl,
Thanks for the quick response. I hope that the file path was enough information; I think there might be more to the path that I'm unable to see in the Webroot output menu. I'm guessing there are a few more subfolders or files in that path. Either way, I ran the quick scan, but it only produced a single report, no extras file. I've pasted the report below:

OTL logfile created on: 9/26/2010 2:55:45 PM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Annah\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 45.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.50 Gb Total Space | 89.97 Gb Free Space | 31.51% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.54 Gb Free Space | 35.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIMON
Current User Name: Annah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/26 14:42:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
PRC - [2010/09/26 09:34:45 | 000,827,272 | ---- | M] (Webroot Software Inc) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRFrame.exe
PRC - [2010/08/26 10:38:01 | 001,277,672 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/08/26 10:33:58 | 003,050,048 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/08/25 16:56:58 | 003,867,096 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2009/04/08 15:45:54 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/08 15:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/04/08 15:45:40 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/04/08 15:45:36 | 000,050,616 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/04/07 21:31:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE
PRC - [2008/05/05 08:30:28 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2010/09/26 14:42:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
MOD - [2009/10/14 17:10:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/10/14 17:10:06 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2007/01/30 02:08:38 | 000,044,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/10/10 14:07:00 | 003,580,712 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2008/07/03 09:43:44 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/09/07 12:25:18 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\STacSV64.exe -- (STacSV)
SRV:64bit: - [2007/08/29 15:25:14 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AESTSr64.exe -- (AESTFilters)
SRV - [2010/08/26 10:33:58 | 003,050,048 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/08/25 16:56:58 | 003,867,096 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/04/08 15:45:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/04/08 15:45:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/04/08 15:45:46 | 000,388,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/04/08 15:45:42 | 003,081,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/04/08 15:45:40 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/04/07 21:31:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/03/20 18:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/09/04 22:41:25 | 000,219,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpsHelper.sys -- (WpsHelper)
DRV:64bit: - [2010/09/04 22:06:04 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/06/17 14:49:12 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2010/06/17 14:49:10 | 000,055,360 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/03/21 15:12:20 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/04/08 15:46:06 | 000,052,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wpsdrvnt.sys -- (WPS)
DRV:64bit: - [2009/04/08 15:45:56 | 000,480,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2009/04/08 15:45:56 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/04/08 15:45:56 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2009/04/08 15:45:50 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teefer2.sys -- (Teefer2)
DRV:64bit: - [2008/11/07 16:23:30 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2008/10/06 13:53:26 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2008/09/25 09:23:08 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/20 13:58:58 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/07/16 07:08:48 | 000,315,440 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/07/11 13:16:50 | 000,015,272 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2008/07/03 09:43:28 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/07/03 09:43:08 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/05/06 01:35:46 | 000,219,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/05/05 08:34:04 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/05/05 08:34:04 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/05 08:34:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/05/05 08:30:32 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2008/05/05 08:30:26 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/09/10 17:50:02 | 000,057,872 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2007/09/07 12:26:06 | 000,392,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/06/20 14:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2007/02/16 13:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/16 09:42:28 | 000,022,528 | ---- | M] (Christian Diefer) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fanio.sys -- (fanio)
DRV:64bit: - [2007/02/15 18:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV:64bit: - [2007/01/23 15:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/01/23 15:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2006/11/06 21:52:50 | 000,086,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2006/11/06 19:13:44 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2006/11/06 19:13:42 | 000,094,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/09/25 22:39:45 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100926.003\EX64.SYS -- (NAVEX15)
DRV - [2010/09/25 22:39:45 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100926.003\ENG64.SYS -- (NAVENG)
DRV - [2010/09/04 22:40:29 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/04 22:40:29 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/04/08 15:45:56 | 000,480,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/04/08 15:45:56 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/04/08 15:45:56 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2081006
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2081006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2081006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14986&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/22 20:40:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/22 20:41:00 | 000,000,000 | ---D | M]

[2010/08/21 19:10:40 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Mozilla\Extensions
[2010/08/21 19:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annah\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/26 12:44:53 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\extensions
[2010/07/30 09:53:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/05 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\extensions\[email protected]
[2009/06/12 13:09:40 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Mozilla\Sunbird\Profiles\6e9ztz62.default\extensions
[2010/01/25 19:24:11 | 000,001,606 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\amazondotcom.xml
[2009/07/10 17:26:08 | 000,002,257 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\askcom.xml
[2009/01/06 11:07:10 | 000,001,595 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\ebay.xml
[2010/06/26 08:53:28 | 000,002,789 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\world-of-warcraft-armory.xml
[2010/06/28 09:27:49 | 000,002,048 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\wowecon.xml
[2010/06/26 08:54:01 | 000,001,548 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\wowhead.xml
[2010/09/25 22:57:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/18 13:50:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/18 19:02:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/09/06 22:10:13 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - Startup: C:\Users\Annah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([docs] https in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Annah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Annah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/26 14:42:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
[2010/09/26 09:37:24 | 000,136,224 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssidrv.sys
[2010/09/26 09:37:24 | 000,055,360 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssfmonm.sys
[2010/09/26 09:34:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5D7316EC-0EDC-4C87-A589-9244C286BC92}
[2010/09/26 09:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2010/09/26 09:34:04 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Local\PackageAware
[2010/09/19 10:23:17 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/09/18 13:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/18 13:42:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/18 13:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/15 21:27:07 | 000,000,000 | ---D | C] -- C:\Rooter$
[2010/09/15 20:48:46 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Roaming\Webroot
[2010/09/13 19:50:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/06 22:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/06 22:30:46 | 000,000,000 | ---D | C] -- C:\Users\Annah\Pavark
[2010/09/06 21:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2010/09/06 21:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2010/09/06 21:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2010/09/06 14:33:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2010/09/06 13:38:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2010/09/06 02:10:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/09/06 02:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/09/05 18:48:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/05 17:40:36 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Roaming\Malwarebytes
[2010/09/05 17:40:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/05 17:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/05 14:15:26 | 000,000,000 | ---D | C] -- C:\Users\Annah\Desktop\Registry
[2010/09/04 22:05:49 | 000,172,080 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/09/04 22:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/09/04 22:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/28 19:28:12 | 000,000,000 | ---D | C] -- C:\Users\Annah\Desktop\SystemAnalyzer
[2010/08/28 19:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Geek Squad
[2010/08/26 16:56:03 | 000,000,000 | ---D | C] -- C:\Users\Annah\Desktop\Annah's Folder
[2010/08/18 22:57:51 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Roaming\vlc
[2010/08/18 22:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/06/29 19:45:02 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Local\Deployment

========== Files - Modified Within 90 Days ==========

[2010/09/26 14:55:42 | 005,505,024 | -HS- | M] () -- C:\Users\Annah\NTUSER.DAT
[2010/09/26 14:42:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
[2010/09/26 14:28:12 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 14:28:12 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 14:01:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/26 12:54:16 | 000,236,651 | ---- | M] () -- C:\Users\Annah\Desktop\SIMON_scan3.html
[2010/09/26 09:37:23 | 000,000,514 | ---- | M] () -- C:\Windows\win.ini
[2010/09/26 09:34:26 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/09/26 00:01:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/25 22:35:59 | 000,707,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/25 22:35:59 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/25 22:35:59 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/25 22:28:56 | 000,136,101 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/25 22:28:38 | 000,136,101 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/25 22:28:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/25 22:28:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/25 22:26:53 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/09/25 22:26:20 | 000,524,288 | -HS- | M] () -- C:\Users\Annah\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/09/25 22:26:20 | 000,065,536 | -HS- | M] () -- C:\Users\Annah\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/09/25 22:26:04 | 002,262,613 | -H-- | M] () -- C:\Users\Annah\AppData\Local\IconCache.db
[2010/09/22 21:59:20 | 000,016,594 | ---- | M] () -- C:\Users\Annah\Desktop\Annah's Coffee Shop.docx
[2010/09/16 18:10:43 | 000,216,576 | ---- | M] () -- C:\Users\Annah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/06 22:10:13 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2010/09/06 21:19:16 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/09/06 15:25:01 | 000,000,975 | ---- | M] () -- C:\Users\Annah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/06 14:39:44 | 004,198,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/06 10:30:02 | 000,124,704 | ---- | M] () -- C:\Users\Annah\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/05 17:10:55 | 000,000,206 | ---- | M] () -- C:\Windows\SysNative\hwmonitorw.ini
[2010/09/04 22:41:25 | 000,219,184 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WpsHelper.sys
[2010/09/04 22:06:04 | 000,172,080 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/09/04 22:06:04 | 000,010,583 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/09/04 22:06:04 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/09/04 22:03:46 | 000,002,801 | ---- | M] () -- C:\Windows\unins000.dat
[2010/09/04 22:03:27 | 000,685,849 | ---- | M] () -- C:\Windows\unins000.exe
[2010/08/25 16:56:56 | 000,030,424 | ---- | M] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/08/25 16:56:46 | 000,019,576 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe
[2010/08/19 10:01:13 | 000,008,412 | ---- | M] () -- C:\Users\Annah\AppData\Local\d3d9caps64.dat
[2010/08/18 15:45:25 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/08/18 15:41:50 | 000,000,031 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2010/07/06 14:53:39 | 000,000,908 | ---- | M] () -- C:\Users\Annah\Desktop\Music.lnk
[2010/06/29 19:45:49 | 000,000,000 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

========== Files Created - No Company Name ==========

[2010/09/26 12:54:14 | 000,236,651 | ---- | C] () -- C:\Users\Annah\Desktop\SIMON_scan3.html
[2010/09/26 09:37:24 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/09/26 09:37:24 | 000,019,576 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe
[2010/09/26 09:34:26 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/09/22 19:35:21 | 000,016,594 | ---- | C] () -- C:\Users\Annah\Desktop\Annah's Coffee Shop.docx
[2010/09/06 21:19:13 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/09/06 15:25:00 | 000,000,975 | ---- | C] () -- C:\Users\Annah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/06 13:35:01 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2010/09/06 13:35:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/09/06 13:34:52 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2010/09/06 13:34:38 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
[2010/09/06 13:34:36 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
[2010/09/06 13:34:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/09/06 13:34:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2010/09/06 13:34:32 | 003,662,128 | ---- | C] () -- C:\Windows\SysWow64\locale.nls
[2010/09/06 13:34:32 | 003,662,128 | ---- | C] () -- C:\Windows\SysNative\locale.nls
[2010/09/06 13:34:32 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
[2010/09/06 13:34:15 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2010/09/06 13:34:13 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2010/09/06 13:34:13 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
[2010/09/06 13:34:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/09/06 13:33:52 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2010/09/06 13:33:52 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
[2010/09/06 13:33:38 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
[2010/09/06 13:33:38 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
[2010/09/06 02:03:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/09/06 02:03:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin
[2010/09/06 02:03:25 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex
[2010/09/06 02:03:25 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex
[2010/09/06 01:47:57 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/09/06 01:47:57 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010/09/06 01:47:56 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/09/06 01:47:56 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2010/09/06 01:47:56 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/09/06 01:47:56 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2010/09/05 18:39:49 | 000,223,344 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_ATL90SP1_KB973924MSI06B4.txt
[2010/09/05 18:39:48 | 000,012,422 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_ATL90SP1_KB973924UI06B4.txt
[2010/09/05 18:32:36 | 000,523,398 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_ATL80SP1_KB973923MSI012E.txt
[2010/09/05 18:32:35 | 000,011,694 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_ATL80SP1_KB973923UI012E.txt
[2010/09/05 18:11:37 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2010/09/04 22:05:49 | 000,010,583 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/09/04 22:05:49 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/06/29 19:45:49 | 000,000,000 | ---- | C] () -- C:\Users\Annah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/05/11 10:35:08 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/05/11 10:33:47 | 003,065,652 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_NET_Framework35_x64_MSI5D29.txt
[2010/04/29 19:09:15 | 000,000,792 | ---- | C] () -- C:\Users\Annah\AppData\Local\RAExpertHistory.xml
[2009/11/30 18:35:27 | 000,000,031 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/11/07 15:19:33 | 001,879,620 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_NET_Framework35_x64_MSI4146.txt
[2009/11/07 15:16:36 | 000,400,252 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/11/07 15:16:33 | 000,383,610 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_dotnetfx35install.txt
[2009/11/07 15:16:33 | 000,006,284 | ---- | C] () -- C:\Users\Annah\AppData\Local\uxeventlog.txt
[2009/11/07 15:16:33 | 000,000,002 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_dotnetfx35error.txt
[2009/10/22 19:32:35 | 000,000,261 | ---- | C] () -- C:\Users\Annah\AppData\Roaming\iPod Access v4 Prefs
[2009/10/22 19:24:51 | 000,000,042 | -H-- | C] () -- C:\Users\Annah\AppData\Roaming\iPodAccessv4_OwnerName
[2009/10/22 19:24:51 | 000,000,042 | -H-- | C] () -- C:\ProgramData\iPodAccessv4_OwnerName
[2009/10/22 19:23:03 | 000,000,011 | -H-- | C] () -- C:\Users\Annah\AppData\Roaming\iPodAccess_Time
[2009/07/27 18:13:50 | 000,008,412 | ---- | C] () -- C:\Users\Annah\AppData\Local\d3d9caps64.dat
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/12/04 09:01:27 | 000,713,340 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/11/13 02:02:47 | 000,003,725 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/11/13 01:49:22 | 000,000,680 | ---- | C] () -- C:\Users\Annah\AppData\Local\d3d9caps.dat
[2008/11/13 01:15:02 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008/11/12 16:22:49 | 000,216,576 | ---- | C] () -- C:\Users\Annah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/11 20:06:40 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2008/11/11 20:06:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/11/11 19:23:22 | 000,136,101 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/11 19:22:28 | 000,136,101 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/11/11 18:36:34 | 000,001,834 | ---- | C] () -- C:\Users\Annah\AppData\Roaming\install.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2008/12/21 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\acccore
[2008/11/24 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Acreon
[2009/03/05 00:56:57 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Amazon
[2009/03/17 00:24:01 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\AMPSoft
[2010/02/25 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\AnvSoft
[2010/08/16 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Audacity
[2009/11/15 14:11:28 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\com.adobe.kuler.Desktop.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/16 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\com.myApp.NetBook.3AC0BB277CD6252F403A34D00E555927230DF2EF.1
[2010/03/21 15:32:47 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\DAEMON Tools Lite
[2009/11/15 16:48:52 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\de.betriebsraum.minitask.MiniTask.59043E270734A37363A375013A0E8B7849399976.1
[2009/11/15 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\de.dasplankton.Contrast-A.5DD45AD90B4BAAE78989E28539AB01CA0764F503.1
[2008/12/04 20:17:40 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\ExportTool
[2009/11/09 20:20:55 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Extensis
[2010/04/14 22:03:06 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Facebook
[2010/08/15 21:44:33 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\foobar2000
[2008/12/21 21:16:38 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\LAIM
[2009/11/08 00:11:04 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Obsidium
[2008/11/13 23:26:02 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\OpenOffice.org
[2010/03/13 21:23:22 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Personal TaskMaster
[2009/11/08 00:11:04 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Proxima Software
[2008/11/12 21:53:15 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\ScummVM
[2009/01/01 12:07:53 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\SPORE
[2008/11/11 19:02:27 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\tmp
[2008/11/30 11:32:05 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\uTorrent
[2010/09/25 22:26:53 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKU\S-1-5-21-3494594848-3579487786-3683612834-1000\software\microsoft\inetdata\ >
"k1" = -1980958622
"k2" = 1122997045
"version" = 32
"Data" = [Binary data over 100 bytes]

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DD4DD9B9
< End of report >

#18 azarl (GeekU Admin, Community Leader, 25,310 posts)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :REG
    [- HKU\S-1-5-21-3494594848-3579487786-3683612834-1000\software\microsoft\inetdata\]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered,
  • Post the log it produces in your next reply.

++++++++++ oOo +++++++++


Please also run the Best Buy System Analyzer and confirm that the trojan entry has gone.
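For anyone wanting to do the same check without OTL, here is a PowerShell version of what azarl's custom scan and fix do, added as an example; it is not code posted in the thread and not part of OTL. It maps the HKEY_USERS hive, prints every value under the reported inetdata key in full (OTL only shows "[Binary data over 100 bytes]" for the Data value, and prints DWORDs as signed integers, which is why k1 appears negative), and with -Remove exports a .reg backup and then deletes the key, which is what the [-HKU\...] line in the OTL fix does. The default SID is the one from this log. It assumes you run it on the affected machine while that user's profile hive is loaded (as that user, or elevated while the user is logged on) and that reg.exe is available for the backup.

```powershell
<#
  Added example (not from the thread or from OTL): inspect the leftover
  HKU\<SID>\Software\Microsoft\inetdata key that OTL's custom scan reported,
  dump its values in full, and optionally delete it after exporting a backup.

  Assumptions: run on the affected machine with that user's hive loaded under
  HKEY_USERS; the SID below is the one from this thread's log and is only a
  default; reg.exe is present for the export.
#>
param(
    [string]$Sid = 'S-1-5-21-3494594848-3579487786-3683612834-1000',
    [switch]$Remove
)

# HKEY_USERS has no PSDrive by default; map one so HKU:\ paths resolve.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$relPath = "$Sid\Software\Microsoft\inetdata"
$keyPath = "HKU:\$relPath"

if (-not (Test-Path -LiteralPath $keyPath)) {
    Write-Output "Key not present: $keyPath"
    return
}

$key = Get-Item -LiteralPath $keyPath
Write-Output "Values under $keyPath"
foreach ($name in $key.GetValueNames()) {
    $kind  = $key.GetValueKind($name)
    $value = $key.GetValue($name)
    $label = if ($name -eq '') { '(Default)' } else { $name }
    switch ([string]$kind) {
        'Binary' {
            # Full contents plus a hash, so the blob can be compared against a
            # known sample or searched for elsewhere on disk.
            $bytes = [byte[]]$value
            $hex   = ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
            $sha   = [BitConverter]::ToString(
                         [System.Security.Cryptography.SHA256]::Create().ComputeHash($bytes)
                     ).Replace('-', '')
            Write-Output ("  {0,-10} REG_BINARY {1} bytes sha256={2}" -f $label, $bytes.Length, $sha)
            Write-Output ("  {0,-10} hex={1}" -f '', $hex)
        }
        'DWord' {
            # The registry stores DWORDs unsigned; OTL (and .NET's GetValue)
            # show them as signed int32, so print both forms.
            $unsigned = [BitConverter]::ToUInt32([BitConverter]::GetBytes([int32]$value), 0)
            Write-Output ("  {0,-10} REG_DWORD {1} (unsigned {2}, 0x{2:X8})" -f $label, $value, $unsigned)
        }
        default {
            Write-Output ("  {0,-10} {1} {2}" -f $label, $kind, $value)
        }
    }
}

if ($Remove) {
    # Export first so the deletion can be reversed with: reg import <file>
    $backup = Join-Path $env:TEMP ("inetdata-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    reg.exe export "HKU\$relPath" $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed; not deleting $keyPath" }
    Remove-Item -LiteralPath $keyPath -Recurse
    Write-Output "Deleted $keyPath (backup: $backup)"
}
```

Run it once without switches to see what the key holds, then again with -Remove to delete it. If it reports the key as not present while you are logged in as a different account, the affected profile's hive simply is not loaded under HKEY_USERS; log in as that user (or load the hive with reg load) and try again.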

#19 lunarnomadd (Topic Starter, Member, 10 posts)
Azarl! That got it! Thank you! I had to delete the space after the hyphen in the command for it to recognize the registry key, but after that, it deleted the key. I reran both the BestBuy System Analyzer and the Webroot antivirus that had detected it, and both came up perfectly clean this time!

========== REGISTRY ==========
Registry key HKEY_USERS\S-1-5-21-3494594848-3579487786-3683612834-1000\software\microsoft\inetdata\ deleted successfully.

OTL by OldTimer - Version 3.2.14.1 log created on 09262010_152415


Thank you soooo much! This has been a good few-week fight; I really appreciate your time. So, was it just a registry entry, or was it an actual trojan?

#20 azarl (GeekU Admin, Community Leader, 25,310 posts)
At one time, a trojan was installed, but one of your AVs took care of it and just left a registry entry.

Cheers

#21 azarl (GeekU Admin, Community Leader, 25,310 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.