Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cannot start Windows Firewall after Malware infection


  • Please log in to reply

#1
sean.dbtrader

sean.dbtrader

    Member

  • Member
  • PipPip
  • 73 posts
I had a Malware infection on my computer. It has been removed by MBAM. However, I cannot start Windows Firewall on my computer and this computer is getting reinfected often. I'm not sure if the original infection somehow disabled the firewall, but my guess is that is the case.

Here are the detailed symptoms of the firewall problem.

1. When I open Windows Firewall from Control Panel it says that Windows Firewall service is not running. If I click to Turn Windows Firewall on I get the message "Due to an unidentified problem, Windows cannot display Windows Firewall settings."

2. If I go to Services the Windows Firewall service is not started. When I try to start it I get the message "Windows could not start the Windows Firewall/Internet Connection Sharing (ICS) service on Local Computer. Error 2: The system cannot find the file specified."

I've pasted the OTL scan for my computer below.

Thanks in advance for your help.

OTL logfile created on: 8/2/2012 2:06:10 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Software\OTL
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 52.24% Memory free
6.73 Gb Paging File | 5.12 Gb Available in Paging File | 76.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 79.82 Gb Free Space | 27.71% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.21 Gb Free Space | 62.14% Space Free | Partition Type: NTFS
Drive E: | 235.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 921.56 Gb Total Space | 564.77 Gb Free Space | 61.28% Space Free | Partition Type: NTFS

Computer Name: DELL530 | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/02 14:05:40 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Software\OTL\OTL.exe
PRC - [2012/07/16 10:28:36 | 002,025,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2012/02/26 19:04:16 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/08/03 06:54:06 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/04/13 09:37:22 | 000,070,920 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/04/13 09:37:22 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/04/06 08:16:14 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011/04/06 08:16:10 | 000,325,344 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2011/03/22 09:40:50 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2010/12/15 12:41:28 | 000,028,672 | ---- | M] (CQG, Inc.) -- C:\Program Files\CQG\CQG.AutoUpgrade.Service\CQG.AutoUpgrade.StartUpNTService.exe
PRC - [2010/10/01 08:26:58 | 000,299,008 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2009/12/10 20:18:26 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/08/24 07:51:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/16 07:23:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/19 00:33:15 | 001,792,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2008/01/19 00:33:10 | 002,585,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/05/11 06:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/30 22:14:06 | 001,769,472 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2007/02/16 20:08:14 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\AstSrv.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac7302\Monitor.exe
PRC - [2006/10/09 13:43:18 | 000,036,864 | ---- | M] (PFU Limited.) -- C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe
PRC - [2004/02/20 17:48:02 | 000,081,920 | ---- | M] (Townsend Analytics, Ltd.) -- C:\TAL\log_service32.exe
PRC - [2003/08/27 17:11:12 | 000,073,728 | ---- | M] (Jurik Research Software; www.jurikres.com) -- C:\Windows\System32\JRService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/09 11:13:51 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\10fc12b6bf6510f0b967d20a2b04c476\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/09 11:12:06 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\31729b33207d1093721f9e943302b900\System.Management.ni.dll
MOD - [2012/06/09 11:10:36 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ba71341e41687591124f9a5680cb0981\System.ServiceProcess.ni.dll
MOD - [2012/06/09 11:10:33 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e66c5af83e8fb89b4dc5547ef663f4c8\Accessibility.ni.dll
MOD - [2012/06/09 11:10:31 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll
MOD - [2012/06/09 11:10:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll
MOD - [2012/06/09 11:10:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll
MOD - [2012/06/09 11:09:00 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2012/06/09 11:08:46 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll
MOD - [2012/06/09 11:08:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll
MOD - [2012/06/09 11:08:30 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45d73bf5a07b8fd8a12fcf7d68e9b318\System.Data.ni.dll
MOD - [2012/06/09 11:07:52 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2012/06/09 11:07:23 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2011/04/13 09:40:40 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/04/13 09:37:18 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/04/06 08:16:30 | 002,896,608 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/04/06 08:16:28 | 000,027,360 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/04/06 08:16:10 | 000,325,344 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/04/20 10:22:32 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2010/04/20 10:22:32 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2010/03/22 15:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll
MOD - [2008/07/27 11:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/02/27 19:34:32 | 000,167,936 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2006/10/12 15:14:50 | 000,036,864 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuUpdater.dll
MOD - [2006/05/10 16:18:06 | 000,010,240 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\SecurityManager.dll
MOD - [2006/05/10 16:18:04 | 000,009,216 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PolicyCommon.dll
MOD - [2005/07/08 11:36:40 | 000,094,208 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\f5bdkedr.dll
MOD - [2005/01/19 18:48:00 | 000,028,672 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardPath.dll
MOD - [2003/11/20 21:56:18 | 000,294,912 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\ssIplA6.dll
MOD - [2003/11/20 21:56:16 | 000,020,480 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\ssIpl.dll
MOD - [2003/03/26 18:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll
MOD - [1996/12/19 13:24:26 | 000,068,608 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\F5BDKAKU.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VLFLZYI\B-Service.exe -- (B-Service)
SRV - [2012/08/02 10:32:55 | 000,184,320 | ---- | M] () [Auto | Stopped] -- C:\Users\Sean\AppData\Roaming\Microsoft\Jreii\jreii.exe -- (eoxskhvwp)
SRV - [2012/07/16 10:28:36 | 002,025,368 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2012/04/15 12:59:00 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/04/13 09:37:22 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/04/06 08:16:14 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/12/15 12:41:28 | 000,028,672 | ---- | M] (CQG, Inc.) [Auto | Running] -- C:\Program Files\CQG\CQG.AutoUpgrade.Service\CQG.AutoUpgrade.StartUpNTService.exe -- (CQG.AutoUpgrade.StartUpNTService)
SRV - [2009/12/10 20:18:26 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/10/01 01:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Stopped] -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -- (QuickBooksDB19)
SRV - [2009/08/24 07:51:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/06/16 07:23:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 10:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/22 18:39:44 | 002,808,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2007/02/16 20:08:14 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Windows\System32\\AstSrv.exe -- (Ast Service)
SRV - [2005/05/10 04:19:24 | 000,024,576 | ---- | M] (Oki Data Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\OPHCLDCS.EXE -- (OKI OPHC DCS Loader)
SRV - [2004/02/20 17:48:02 | 000,081,920 | ---- | M] (Townsend Analytics, Ltd.) [Auto | Running] -- C:\TAL\log_service32.exe -- (LogService)
SRV - [2003/08/27 17:11:12 | 000,073,728 | ---- | M] (Jurik Research Software; www.jurikres.com) [Auto | Running] -- C:\Windows\System32\JRService.exe -- (JR Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\WinRT.sys -- (WinRT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/18 22:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2007/06/14 15:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/05/27 21:58:58 | 007,478,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/02/25 10:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 11:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2071003
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Proj/dbtraderlinks/index.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7DKUS_enUS243
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/03 06:54:22 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\google\chrome\application\10.0.648.204\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\google\chrome\application\10.0.648.204\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\google\chrome\application\10.0.648.204\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Poppit = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [] Reg Error: Value error. File not found
O4 - HKCU..\Run: [CQGOrderServer] C:\Program Files\CTS\CQGOrderServer.exe ()
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [InetAlarm] C:\Program Files\TantusTrading\InetAlarm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@[email protected]/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0FB028C2-2704-40F6-A983-2A2405027A19} https://epresent.sun...ws/dropslot.cab (DropSlot Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logme...eDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {BB608966-BC14-4875-9F63-853E5851A2B6} http://download.micr...93/pmupd806.exe (MSN Money Charting)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://theice.webex...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45AD1DF8-D5D8-4EDC-A3C7-ED7FFC0C2750}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/14 10:34:14 | 000,000,057 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/25 14:04:28 | 003,155,187 | ---- | M] (EminiTradingStrategies.com ) - C:\AutoTrader Strategy Setup.exe -- [ NTFS ]
O32 - AutoRun File - [2010/12/15 18:42:23 | 000,000,101 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\##AMYDELL#FreeAgent1\Shell\AutoRun\command - "" = "F:\Install FreeAgent Tools.exe" /run
O33 - MountPoints2\{a4f1e8a9-3bac-11dd-9f0e-001aa098287e}\Shell\AutoRun\command - "" = G:\Launch.exe /run
O33 - MountPoints2\{b1c9ec4e-719d-11dc-bcd2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b1c9ec4e-719d-11dc-bcd2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SeagateDashboardSetup.exe -- [2011/04/13 04:09:03 | 012,719,120 | R--- | M] ()
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Launch.exe /run
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/02 10:54:51 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 3.0
[2012/08/02 10:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\DLLSuite
[2012/07/08 17:39:50 | 000,029,272 | R--- | C] (Adobe Systems Incorporated.) -- C:\Windows\System32\AdobePDF.dll
[2008/05/20 14:47:02 | 000,721,912 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Sean\gotomypc_428.exe
[2007/11/18 15:17:35 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Sean\gotomypc_437.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/02 14:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/02 13:52:49 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 13:52:49 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 13:36:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/02 10:54:51 | 000,000,892 | ---- | M] () -- C:\Users\Sean\Desktop\DllSuite.lnk
[2012/08/02 10:31:22 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/02 09:52:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/02 09:52:45 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 09:51:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/02 09:32:20 | 000,002,881 | ---- | M] () -- C:\Sharedaccess.reg
[2012/08/02 09:31:04 | 000,000,636 | ---- | M] () -- C:\Windows\tasks\TradeStation Backup - Weekly.job
[2012/08/01 14:38:24 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/31 16:32:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/07/24 11:56:03 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/07/24 11:53:31 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2012/07/21 20:23:27 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 09:46:02 | 000,000,043 | ---- | M] () -- C:\Windows\WALLSTRT.INI
[2012/07/08 17:39:38 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
[2012/07/08 17:33:06 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/02 10:54:51 | 000,000,892 | ---- | C] () -- C:\Users\Sean\Desktop\DllSuite.lnk
[2012/08/02 09:32:20 | 000,002,881 | ---- | C] () -- C:\Sharedaccess.reg
[2012/07/31 16:30:05 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At4.job
[2012/07/24 11:54:37 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At3.job
[2012/07/19 09:45:39 | 000,000,636 | ---- | C] () -- C:\Windows\tasks\TradeStation Backup - Weekly.job
[2012/07/08 17:33:06 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2012/07/08 17:33:06 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/04/24 08:06:55 | 000,000,320 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\SEC398299.trad
[2012/04/24 08:00:22 | 001,879,552 | ---- | C] () -- C:\Windows\System32\RoboTraderFXI.dll
[2012/04/24 08:00:22 | 000,196,608 | ---- | C] () -- C:\Windows\System32\RBT1GLock32.dll
[2011/10/23 20:11:08 | 000,218,624 | ---- | C] () -- C:\Windows\System32\TTMMCCheck2.dll
[2010/09/29 16:09:56 | 000,086,016 | ---- | C] () -- C:\Windows\System32\NtDirect.dll
[2010/09/03 17:19:53 | 000,000,320 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\SEC429288.trad
[2009/08/29 19:45:44 | 000,008,711 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/02/20 10:03:43 | 000,066,360 | ---- | C] () -- C:\Users\Sean\g2ax_customer_downloadhelper_win32_x86.exe
[2008/12/28 18:51:12 | 000,007,592 | ---- | C] () -- C:\Users\Sean\AppData\Local\d3d9caps.dat
[2008/10/02 14:30:26 | 000,060,744 | ---- | C] () -- C:\Users\Sean\g2mdlhlpx.exe
[2008/08/02 10:47:35 | 000,000,162 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\wklnhst.dat
[2008/06/12 16:17:56 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{707f1588-c51d-b0ea-15b6-78faa7e6affc}\@
[2008/06/12 16:17:56 | 000,002,048 | -HS- | C] () -- C:\Users\Sean\AppData\Local\{707f1588-c51d-b0ea-15b6-78faa7e6affc}\@
[2008/05/13 10:33:15 | 000,000,092 | ---- | C] () -- C:\Users\Sean\AppData\Local\fusioncache.dat
[2007/10/06 15:50:33 | 000,011,264 | ---- | C] () -- C:\Users\Sean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DAD2FFA0

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
This is the latest Zero Access infection and MBAM can't remove it all.

Copy the text in the code box by highlighting and Ctrl + c

:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VLFLZYI\B-Service.exe -- (B-Service)
SRV - [2012/08/02 10:32:55 | 000,184,320 | ---- | M] () [Auto | Stopped] -- C:\Users\Sean\AppData\Roaming\Microsoft\Jreii\jreii.exe -- (eoxskhvwp)

:files
C:\Windows\Installer\{{707f1588-c51d-b0ea-15b6-78faa7e6affc}
C:\Users\Sean\AppData\Local\{707f1588-c51d-b0ea-15b6-78faa7e6affc}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\tasks\At*.job
C:\Users\Sean\AppData\Roaming\Microsoft\Jreii

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{707f1588-c51d-b0ea-15b6-78faa7e6affc}]

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

PS Norton has its own firewall and will turn off the Windows firewall. Normally it also tells windows not to monitor the firewall but I suspect MBAM may have "fixed" this for you.
  • 0

#3
sean.dbtrader

sean.dbtrader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Thank you for your help. I finally got through all the steps and the firewall appears to be working now. Actually, it started working after I rebooted from the ComboFix step.

I've attached all of the logs you requested. Hopefully I got all of them.

From what you see in the logs does it look like this computer is clean.

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

AtJob::

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\Users\Sean\AppData\Roaming\Microsoft\Jreii\jreii.exe
C:\Users\Sean\AppData\Local\Temp\rwubsdyy.exe

Driver::
eoxskhvwp

Folder::
C:\Windows\Installer\{707f1588-c51d-b0ea-15b6-78faa7e6affc}
c:\users\Sean\AppData\Roaming\Microsoft\Jreii

RootKit::
C:\Users\Sean\AppData\Roaming\Microsoft\Jreii\jreii.exe
C:\Users\Sean\AppData\Local\Temp\rwubsdyy.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternetPal"=-
"WMPNSCFG"=-
"Skype"=-
"caoblev"=-
"vjvdhro"=-
"nvinzqpq"=-

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Ron
  • 0

#5
sean.dbtrader

sean.dbtrader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Hi Ron,

I've attached the new log. Something seems to have happened to this computer. I can no longer access this computer from my LAN and some applications seem to be corrupted. For example if I try to run a program called Scan Snap Manager it gives me an error that the program tried to access a registry key that is marked for deletion. Can you help with these problems?

Thanks,
Sean

Attached Files


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP

registry key that is marked for deletion.


We get that sometimes after running Combofix. Don't know why. Just reboot one more time and the error should go away.
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
See above reply if you haven't already.

Uninstall Malwarebytes' Anti-Malware as it will interfere with the next Combofix run.


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

AtJob::

Folder::
c:\users\QBDataServiceUser19\AppData\Roaming\Microsoft\Okyprtw

RootKit::
c:\users\QBDataServiceUser19\AppData\Roaming\Microsoft\Okyprtw\okyprtw.exe


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Ron
  • 0

#8
sean.dbtrader

sean.dbtrader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
OK, I rebooted and it fixed the programs. However, this computer is still not visible on the LAN to other computers. However, it can see the other computers fine. Any ideas on that problem?

I ran the new ComboFix script and I've attached the log.

Thanks,
Sean

Attached Files


  • 0

#9
sean.dbtrader

sean.dbtrader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
I just did a quick scan with MBAM and it still finds a Trojan.Dropper at c:\Users\Public\qbfpwyf.mer.
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
I think your firewall might be blocking your other computers from talking to this one.

c:\users\Sean\AppData\Roaming\Microsoft\Jreii\jreii.exe is back again. There must be a second file that we can't see.

Let's try ESET:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).
  • 0

Advertisements


#11
sean.dbtrader

sean.dbtrader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Here is the BitDefender report.

I could not get ESET to work. When I start the scan it gives me the message "Can not get update. Is proxy configured?" during initialization.

Attached Files


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Bitdefender found some things we couldn't see from the other logs so perhaps we can kill it off this time:



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

AtJob::

File::
C:\Windows\jreii.dll
C:\Windows\rjuek.dll
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\program files\Google\Update\GoogleUpdate.exe

Driver::
eoxskhvwp
AdobeFlashPlayerUpdateSvc
bthsvcs

NetSvcs::
bthsvcs

Folder::
C:\Users\Sean\AppData\Roaming\Microsoft\Jreii
C:\Program Files\real\realplayer\update

RootKit::
C:\Windows\jreii.dll
C:\Windows\rjuek.dll
C:\Users\Sean\AppData\Roaming\Microsoft\Jreii\jreii.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Ron
  • 0

#13
sean.dbtrader

sean.dbtrader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Here is the new log. Did it get everything this time?

Attached Files


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Nope, this is like whack-a-mole. Now we have

c:\users\QBDataServiceUser19\AppData\Roaming\Microsoft\Okyprtw\okyprtw.exe

back again. Can you submit the above to www.virustotal.com and see what they say about it? If it doesn't say 0/42 or so then copy and paste the report into a reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Your original OTL showed that you have Norton/Symantec anti-virus installed but Combofix doesn't see it. Let's try removing it and installing the free Avast.


Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec (save the product license key in case you decide to reinstall it:http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US)

Run the Norton Removal tool.

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Look in C:\ProgramData\Avast Software\Avast\report\aswboot.txt or C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt for a text copy of the log that you can copy and paste to a reply.

Run the BitDefender scan again and post its log.
  • 0

#15
sean.dbtrader

sean.dbtrader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
OK, I followed the instructions and attached the files.

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP