
windows is slow,and i got a problem with the them


  • This topic is locked

#1
unbodi

unbodi

    Member

  • Member
  • 64 posts
Hello guys.
I got a big problem and I don't know what to do.
I got Windows XP Pro, all updated. It all was OK, working great, but then I did a restart and I started to get problems.

1. The computer is working slow, very slow. And I got an AMD 64-bit 3000+, 512 DDR RAM, GeForce 6800GT; it needs to work fast and good.
2. Look at the Windows now: http://img218.imageshack.us/img218/2046/343247ue.jpg
It's on the classic theme and I can't change it to the default theme, the blue one that comes with Windows. I think it's a virus because I can't even do a system restore. Every time I try to restore the system I get a message that says: incomplete restore or something. Anyway, here is the HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 1:33:03 PM, on 8/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ECI Telecoms\ECI USB ADSL\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\GM\Desktop\tal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamer.co.il
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamer.co.il
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [System Service] mspool.exe
O4 - HKLM\..\RunServices: [Microsoft Security Panagers] pqukguue.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121695558203
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{621D71D2-43B3-45C2-AC09-1DB1E28A75A3}: NameServer = 192.116.202.222 213.8.172.83
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Externtelecom - Unknown owner - C:\WINDOWS\extel.exe (file missing)
O23 - Service: FanSpeedNT Service - Unknown owner - C:\DOCUME~1\GM\LOCALS~1\Temp\Rar$EX00.218\fanspeedNT.exe" (file missing)
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

What's wrong?
  • 0



#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Hi unbodi,

My name is Sam and I'll be helping you with your problems. :tazz:


Check for this file and let me know if you have it.

C:\Windows\Resources\Themes\Luna.theme


Next, make sure Ewido is updated and run a full scan. Save the report when you are done.

Reboot and post a new hijackthis log and the log from Ewido.
  • 0

#3
unbodi

unbodi

    Member

  • Topic Starter
  • Member
  • 64 posts

Hi unbodi,

My name is Sam and I'll be helping you with your problems.  :tazz:
Check for this file and let me know if you have it.

C:\Windows\Resources\Themes\Luna.theme
Next, make sure Ewido is updated and run a full scan.  Save the report when you are done.

Reboot and post a new hijackthis log and the log from Ewido.



OK, here's what I got:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:36:18 PM, 8/8/2005
+ Report-Checksum: 7CFE857

+ Scan result:

C:\Documents and Settings\GM\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\GM\Cookies\gm@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
C:\Documents and Settings\GM\Cookies\gm@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned without backup
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_102000.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_102000.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_112700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_112700.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_155600.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_155600.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_168500.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_168500.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_223700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_269500.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_269500.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_326700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_326700.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_331000.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_331000.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_348700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_348700.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_362700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_362700.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_420900.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_420900.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_445800.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_446000.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_499100.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_499100.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_824600.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_824600.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_827500.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_827500.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_828100.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_0_828100.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_1_100600.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_1_100600.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_1_112700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_1_112700.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_1_326700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_1_326700.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_1_329100.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_1_329100.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_1_331000.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_1_331000.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_2_499100.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_2_499100.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_3_103100.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_3_103100.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_3_169500.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_3_169500.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_103100.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_103100.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_130700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_130700.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_329100.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_329100.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_439100.gif -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_499000.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_499000.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_499300.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_499300.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_499500.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_499500.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_828100.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_0_4_828100.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_1_0_147700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_1_0_448600.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_1_0_453800.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_1_3_818800.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_1_4_818800.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_0_281300.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_0_281300.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_0_814200.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_0_815600.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_0_815900.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_105400.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_105400.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_106700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_106700.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_130400.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_130400.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_136500.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_136500.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_146900.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_146900.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_158900.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_158900.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_179400.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_192300.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_192300.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_255300.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_255300.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_265100.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_265100.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_281300.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_281300.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_324500.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_324500.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_338800.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_338800.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_353300.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_353300.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_358700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_358700.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_359400.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_366900.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_366900.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_377200.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_377200.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_386900.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_386900.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_393600.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_393600.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_401500.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_499200.htm -> Adware.Cydoor : Cleaned without backup
-> : Error during cleaning
C:\WINDOWS\system32\AdCache\B_434_2_4_499600.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_499600.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_499700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_499700.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_499800.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_499800.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_824700.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_824700.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_825300.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_825300.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_825600.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_825600.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_828200.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_828200.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_828500.htm -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\AdCache\B_434_2_4_828500.swf -> Adware.Cydoor : Cleaned without backup
C:\WINDOWS\system32\PopUpBlocker8.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned without backup
C:\WINDOWS\system32\TFTP164 -> Heuristic.Win32.Morphine-Crypted : Cleaned without backup
C:\WINDOWS\system32\TFTP1728 -> Backdoor.Rbot.xe : Cleaned without backup
C:\WINDOWS\system32\TFTP2828 -> Backdoor.Rbot : Cleaned without backup
C:\wiNDOWS\system32\.EXE -> Backdoor.Agent.ta
::Report End

And:
Logfile of HijackThis v1.99.1
Scan saved at 2:46:38 PM, on 8/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ECI Telecoms\ECI USB ADSL\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\GM\Desktop\tal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamer.co.il
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamer.co.il
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [System Service] mspool.exe
O4 - HKLM\..\RunServices: [Microsoft Security Panagers] pqukguue.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: הורד באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: הורד הכל באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121695558203
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{621D71D2-43B3-45C2-AC09-1DB1E28A75A3}: NameServer = 192.116.202.222 213.8.172.83
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Externtelecom - Unknown owner - C:\WINDOWS\extel.exe (file missing)
O23 - Service: FanSpeedNT Service - Unknown owner - C:\DOCUME~1\GM\LOCALS~1\Temp\Rar$EX00.218\fanspeedNT.exe" (file missing)
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

And I got that file you asked for.

Now what? ;)

Edited by unbodi, 07 August 2005 - 05:44 AM.

  • 0

#4
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [System Service] mspool.exe
O4 - HKLM\..\RunServices: [Microsoft Security Panagers] pqukguue.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O23 - Service: Externtelecom - Unknown owner - C:\WINDOWS\extel.exe (file missing)
O23 - Service: FanSpeedNT Service - Unknown owner - C:\DOCUME~1\GM\LOCALS~1\Temp\Rar$EX00.218\fanspeedNT.exe" (file missing)



Delete these files, if present:

mspool.exe
pqukguue.exe
winssh.exe
C:\WINDOWS\extel.exe



Delete your temp files
  • Navigate to the C:\Windows\Temp folder.
    • Open the Temp folder
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the Delete key on your keyboard) to delete the entire contents of the Temp folder.
  • Navigate to the C:\Windows\Prefetch folder.
    • Open the Prefetch folder
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the Delete key on your keyboard) to delete the entire contents of the Temp folder.
  • Click Start -> Run and type %temp% in the Run box.
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the Delete key on your keyboard) to delete the entire contents of the Temp folder.
  • Click Start -> Control Panel -> Internet Options.
    • Select the General tab
    • Under "Temporary Internet Files" Click "Delete Files".
    • Put a check by "Delete Offline Content" and click OK.
    • Click on the Programs tab then click the "Reset Web Settings" button.
    • Click Apply then OK.
  • Empty the Recycle Bin.
Right click on this link and save this file to your desktop.

http://www.kellys-ko...storethemes.reg


Double-click on restorethemes.reg and OK the prompt.
Reboot and check your desktop properties again. You should be able to set the XP theme.

Please post a new hijackthis log and let me know of any problems that still exist.
  • 0
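The entries Sam picked out of the log above can be recognised mechanically, which is useful when reading many HijackThis logs. The Python script below is an added example, not code from this thread or from HijackThis itself: it parses HijackThis 1.99.1-style lines (the constructed sample reproduces a handful of lines from the logs posted in this thread) and applies the same heuristics a log reader applies by eye: O4 entries under the legacy RunServices key, O23 services with "Unknown owner" whose binary is missing or was registered from a temp directory, and the missing default URLSearchHook. The severity labels and the function names `triage` and `fix_list` are my own choices.

```python
import re
from typing import Dict, List

# Constructed sample: a subset of lines shaped like the HijackThis 1.99.1 logs
# posted in this thread (header line plus R/O entries). Not the full log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamer.co.il
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [System Service] mspool.exe
O4 - HKLM\..\RunServices: [Microsoft Security Panagers] pqukguue.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O23 - Service: Externtelecom - Unknown owner - C:\WINDOWS\extel.exe (file missing)
O23 - Service: FanSpeedNT Service - Unknown owner - C:\DOCUME~1\GM\LOCALS~1\Temp\Rar$EX00.218\fanspeedNT.exe" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# O4: autostart registry entries. The key is Run, RunOnce, RunServices, ...
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# O23: installed services, printed as "display name - owner - path".
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
TEMP_DIR_RE = re.compile(r"\\(Temp|LOCALS~1)\\", re.IGNORECASE)


def _finding(severity: str, line: str, reason: str) -> Dict[str, str]:
    return {"severity": severity, "line": line, "reason": reason}


def _is_bare_name(cmd: str) -> bool:
    """True when the command is a plain filename: no directory, not quoted.
    Such an entry is resolved through the PATH search, so the file cannot be
    verified from the log alone."""
    tokens = cmd.split()
    if not tokens:
        return False
    first = tokens[0]
    return "\\" not in first and not first.startswith('"')


def triage(log_text: str) -> List[Dict[str, str]]:
    """Apply the heuristics to every line of a HijackThis log, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "R3 - Default URLSearchHook is missing":
            findings.append(_finding("low", line, "default URLSearchHook removed; HijackThis restores it on Fix"))
            continue
        m = O4_RE.match(line)
        if m:
            bare = _is_bare_name(m.group("cmd"))
            if m.group("key") == "RunServices":
                reason = "RunServices is a Windows 9x-era autostart key; legitimate XP software rarely uses it"
                if bare:
                    reason += "; entry is a bare filename with no path"
                findings.append(_finding("high", line, reason))
            elif bare:
                findings.append(_finding("info", line, "bare executable name; locate the file and check its publisher"))
            continue
        m = O23_RE.match(line)
        if m:
            reasons = []
            if m.group("owner") == "Unknown owner" and "(file missing)" in m.group("path"):
                reasons.append("unknown publisher and the service binary is gone (orphaned entry)")
            if TEMP_DIR_RE.search(m.group("path")):
                reasons.append("service binary registered from a temporary directory")
            if reasons:
                findings.append(_finding("medium", line, "; ".join(reasons)))
    return findings


def fix_list(findings: List[Dict[str, str]]) -> List[str]:
    """Lines worth ticking in HijackThis: high and medium severity only."""
    return [f["line"] for f in findings if f["severity"] in ("high", "medium")]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['line']}\n         {f['reason']}")
```

On the sample this yields seven findings; `fix_list` returns the three RunServices entries and the two orphaned services, which is the list Sam gave minus the low-severity R3 line. The "info" entry for SOUNDMAN.EXE shows why a script is a triage aid rather than a verdict: a bare name under Run is normal for some legitimate drivers and can only be judged by locating the file.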

#5
unbodi

unbodi

    Member

  • Topic Starter
  • Member
  • 64 posts

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [System Service] mspool.exe
O4 - HKLM\..\RunServices: [Microsoft Security Panagers] pqukguue.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O23 - Service: Externtelecom - Unknown owner - C:\WINDOWS\extel.exe (file missing)
O23 - Service: FanSpeedNT Service - Unknown owner - C:\DOCUME~1\GM\LOCALS~1\Temp\Rar$EX00.218\fanspeedNT.exe" (file missing)

Delete these files, if present:

mspool.exe
pqukguue.exe
winssh.exe
C:\WINDOWS\extel.exe

Delete your temp files

  • Navigate to the C:\Windows\Temp folder.
    • Open the Temp folder
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the Delete key on your keyboard) to delete the entire contents of the Temp folder.
  • Navigate to the C:\Windows\Prefetch folder. 
    • Open the Prefetch folder
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the Delete key on your keyboard) to delete the entire contents of the Temp folder.
  • Click Start -> Run and type %temp% in the Run box.
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the Delete key on your keyboard) to delete the entire contents of the Temp folder.
  • Click Start -> Control Panel -> Internet Options.
    • Select the General tab
    • Under "Temporary Internet Files" Click "Delete Files".
    • Put a check by "Delete Offline Content" and click OK.
    • Click on the Programs tab then click the "Reset Web Settings" button.
    • Click Apply then OK.
  • Empty the Recycle Bin.
Right click on this link and save this file to your desktop.

http://www.kellys-ko...storethemes.reg
Double-click on restorethemes.reg and OK the prompt.
Reboot and check your desktop properties again. You should be able to set the XP theme.

Please post a new hijackthis log and let me know of any problems that still exist.



OK, I did all of that, and it didn't work at all.
Now I can't even try to set the XP theme, as you can see here:
http://img58.imagesh...333333336hf.jpg
And if I go to the Themes tab and try to set the Luna theme from C:\Windows\Resources\Themes
I get this:
http://img97.imagesh...ntitled7js1.jpg
and this:
http://img97.imagesh...?image=20bn.jpg
What can I do next? =(

Oh, and here is the new log:
Logfile of HijackThis v1.99.1
Scan saved at 4:23:27 PM, on 8/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ECI Telecoms\ECI USB ADSL\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GM\Desktop\tal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamer.co.il/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamer.co.il
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121695558203
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{621D71D2-43B3-45C2-AC09-1DB1E28A75A3}: NameServer = 192.116.202.222 213.8.172.83
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

Edited by unbodi, 07 August 2005 - 07:20 AM.
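As an added example (not the poster's or the site's code), a small Python triage for HijackThis logs like the one above: it parses the O4, O17 and O23 lines and flags services whose binary is gone (StyleXPService here, left behind by the StyleXP theme tool), autoruns whose command gives only a bare file name, and the configured DNS servers. The sample lines are copied from the log above; the category names are my own.

```python
import re

# Constructed sample: seven lines copied from the HijackThis log pasted above
# (three O4 autoruns, the O17 DNS entry, three O23 services); a stand-in for a full log.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O17 - HKLM\System\CCS\Services\Tcpip\..\{621D71D2-43B3-45C2-AC09-1DB1E28A75A3}: NameServer = 192.116.202.222 213.8.172.83
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
"""

# One regex per section type; the named groups become the fields of each entry.
PATTERNS = {
    "O4": re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),
    "O17": re.compile(r"^O17 - .*\\(?P<name>\{[^}]+\}): NameServer = (?P<servers>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                      r"(?P<path>.*?)(?P<missing> \(file missing\))?$"),
}

def parse_hjt(text):
    """Return one dict per recognised O4/O17/O23 line; other sections are skipped."""
    entries = []
    for line in text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                entries.append({"kind": kind, **m.groupdict()})
                break
    return entries

def triage(entries):
    """Findings a log reviewer checks first, as (category, name, detail) tuples:
    services whose binary is gone (here the leftover of the StyleXP uninstall),
    autoruns whose command names a bare file with no path, and every DNS server."""
    findings = []
    for e in entries:
        if e["kind"] == "O23" and e["missing"]:
            findings.append(("orphaned-service", e["name"], e["path"]))
        elif e["kind"] == "O4":
            # First token of the command, honouring a quoted "C:\Program Files\..." path.
            m = re.match(r'"([^"]+)"|(\S+)', e["cmd"])
            image = m.group(0).strip('"') if m else ""
            if "\\" not in image:  # nothing to locate and hash from the log alone
                findings.append(("unqualified-autorun", e["name"], e["cmd"]))
        elif e["kind"] == "O17":
            for ip in e["servers"].split():
                findings.append(("nameserver", e["name"], ip))
    return findings
```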

#6
unbodi
    Member
  • Topic Starter
  • 64 posts
bump x;

Edited by unbodi, 07 August 2005 - 09:13 AM.

#7
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
Let's try this.

Open Group Policy..
Click Start -> Run -> (type in) gpedit.msc and click OK.
Navigate to >>>
User Configuration\Administrative Templates\Control Panel\Desktop Themes\
Load a specific visual style file or force Windows Classic
Set to Not configured.

If that doesn't do the trick here are some other registry tweaks that you can try. Do them one at a time with a reboot between each one to see if it works.

Go here..
http://www.kellys-ko...m/xp_tweaks.htm

Read the instructions at the top

187. Restore Themes Functionality

187. Right hand side
Restore Luna Theme - Restore Classic Theme
Click on: Restore Luna Theme

214. Windows/Buttons Grayed Out -Appearance

214. Right hand side
Windows XP Style Changes to Windows Classic

271. Stuck in Classic View? Undo Now

Let me know how it turns out and any other problems that you are having.
#8
unbodi
    Member
  • Topic Starter
  • 64 posts

Ok, I did what you said, and now I get this:
http://img277.images...untitled7uk.jpg

But I don't know from where to activate it, so I guess the problem is in the administrative tool like it says.

Do you know what to do next?
#9
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
Click Start -> Run -> (type in) services.msc and click OK.

Scroll down until you see "Themes".
Double click on it to bring up Properties.
Set Startup type to Automatic.
Click on the Start button.

Let me know if that does it.
#10
unbodi
    Member
  • Topic Starter
  • 64 posts

No, didn't work. The startup type was already on Automatic.

Anything else I can do? (please say yes) P:

Edited by unbodi, 07 August 2005 - 03:24 PM.

#11
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
Uninstall this program:

Style XP

Reboot and check your settings.
#12
unbodi
    Member
  • Topic Starter
  • 64 posts

I've done that already. Nothing changed.
#13
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
This issue doesn't seem to be related to malware, and as such it's straying a bit from what I know best. I recommend making a post in this forum, where one of my colleagues will help you further.

http://www.geekstogo...2003-NT-f5.html

Sorry I couldn't get it done for you, but I've exhausted all of my ideas.

Sam
#14
unbodi
    Member
  • Topic Starter
  • 64 posts

Np, but thanks for all of your time and the help you've given to me.

Until the next time,
Unbod =)