Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Got a virus and Mc Afees can´t clean nor remove it [CLOSED]


  • This topic is locked This topic is locked

#16
Martina2005

Martina2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
StartupList report, 06-11-2005, 23:12:02
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Martina\Escritorio\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\ARCHIV~1\mcafee.com\agent\mcagent.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
c:\archiv~1\mcafee.com\vso\mcvsescn.exe
C:\Archivos de programa\Norton AntiVirus\CfgWiz.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\archiv~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Norton AntiVirus\NAVW32.EXE
C:\Archivos de programa\Norton AntiVirus\NAVW32.EXE
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Martina\Escritorio\HijackThis.exe
C:\Archivos de programa\Symantec\LiveUpdate\AUpdate.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Martina\Menú Inicio\Programas\Inicio]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio]
Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
PCTVOICE = pctspk.exe
SiS KHooker = C:\WINDOWS\System32\khooker.exe
NeroCheck = C:\WINDOWS\System32\\NeroCheck.exe
QuickTime Task = "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
EPSON Stylus C42 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
TkBellExe = "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched = C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
iTunesHelper = "C:\Archivos de programa\iTunes\iTunesHelper.exe"
VSOCheckTask = "c:\ARCHIV~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online = "c:\ARCHIV~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe = c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\ARCHIV~1\mcafee.com\agent\mcupdate.exe
Adobe Photo Downloader = "C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
ccApp = "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
SSC_UserPrompt = "C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe"
NAV CfgWiz = "C:\Archivos de programa\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Regedit.exe has no CompanyName property! It is either missing or named something else.
- Regedit.exe has no OriginalFilename property! It is either missing or named something else.
- Regedit.exe has no FileDescription property! It is either missing or named something else.

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
NAV Helper - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Comprobación de actualizaciones de Mcafee.com (CASA-QMY0W6YSOR-Martina).job
Symantec NetDetect.job
Norton AntiVirus - Run Full System Scan - Martina.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx
CODEBASE = http://housecall60.t...all/xscan60.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://us.dl1.yimg.c...nst20040510.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://spaces.msn.co...ad/MsnPUpld.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1118330791493

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://download.game...aploader_v6.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Controlador Microsoft ACPI: System32\DRIVERS\ACPI.sys (system)
Eliminador de eco acústico de núcleo de Microsoft: system32\drivers\aec.sys (manual start)
Entorno de compatibilidad de funciones de red AFD: \SystemRoot\System32\drivers\afd.sys (system)
Servicio de alerta: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Servicio de puerta de enlace de capa de aplicación: %SystemRoot%\System32\alg.exe (manual start)
Administración de aplicaciones: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Controlador de medios asíncronos de RAS: System32\DRIVERS\asyncmac.sys (manual start)
Controladora estándar IDE/ESDI de disco duro: System32\DRIVERS\atapi.sys (system)
Protocolo cliente ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)
Audio de Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Controlador auxiliar de audio: System32\DRIVERS\audstub.sys (manual start)
Servicio de transferencia inteligente en segundo plano: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Examinador de equipos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Settings Manager: "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe" (autostart)
Controlador de CD-ROM: System32\DRIVERS\cdrom.sys (system)
Servicio de Index Server: %SystemRoot%\system32\cisvc.exe (autostart)
Portafolios: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
Aplicación del sistema COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Servicios de cifrado: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Iniciador de procesos de servidor DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Cliente DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Controlador de disco: System32\DRIVERS\disk.sys (system)
Servicio del administrador de discos lógicos: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Controlador del administrador de discos lógicos: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Administrador de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sintetizador DLS Kernel de Microsoft: system32\drivers\DMusic.sys (manual start)
Cliente DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Descodificador de audio DRM del núcleo de Microsoft: system32\drivers\drmkaud.sys (manual start)
Eplpdx02: \??\C:\WINDOWS\System32\Drivers\EPLPDX02.SYS (manual start)
Servicio de informe de errores: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Registro de sucesos: %SystemRoot%\system32\services.exe (autostart)
Sistema de sucesos COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Compatibilidad de cambio rápido de usuario: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Controlador de la unidad de disquete: System32\DRIVERS\fdc.sys (manual start)
Controlador de disquete: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Controlador del administrador de volumen: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Clasificador de paquetes genéricos: System32\DRIVERS\msgpc.sys (manual start)
Ayuda y soporte técnico: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Acceso a dispositivo de interfaz humana: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Teclado i8042 y controlador de puerto de mouse PS/2: System32\DRIVERS\i8042prt.sys (system)
Controlador de filtro de grabación de CD: System32\DRIVERS\imapi.sys (system)
Servicio COM de grabación de CD de IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)
Controlador de Firewall de Windows IPv6: system32\drivers\ip6fw.sys (manual start)
Controlador de filtro de tráfico IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Controlador de túnel IP en IP: System32\DRIVERS\ipinip.sys (manual start)
Traductor de direcciones de red IP: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Archivos de programa\iPod\bin\iPodService.exe" (manual start)
Controlador IPSEC: System32\DRIVERS\ipsec.sys (system)
Servicio enumerador IR: System32\DRIVERS\irenum.sys (manual start)
Controlador de bus PnP ISA/EISA: System32\DRIVERS\isapnp.sys (system)
Controlador de clase de teclado: System32\DRIVERS\kbdclass.sys (system)
Mezclador de audio de onda Microsoft Kernel: system32\drivers\kmixer.sys (manual start)
Servidor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Estación de trabajo: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Ayuda de NetBIOS sobre TCP/IP: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
McAfee.com McShield: c:\ARCHIV~1\mcafee.com\vso\mcshield.exe (manual start)
McAfee SecurityCenter Update Manager: C:\ARCHIV~1\McAfee.com\Agent\mcupdmgr.exe (manual start)
McAfee.com VirusScan Online Realtime Engine: c:\ARCHIV~1\mcafee.com\vso\mcvsrte.exe /Embedding (autostart)
Mensajero: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Escritorio remoto compartido de NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Dispositivo de filtro de transmisión Unimodem: system32\drivers\MODEMCSA.sys (manual start)
Controlador de clase de mouse: System32\DRIVERS\mouclass.sys (system)
Redirector de cliente WebDav: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Coordinador de transacciones distribuidas de Microsoft: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Proxy de servicio de transferencia de Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy del reloj de transferencia de Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy del administrador de calidad de transferencia de Microsoft: system32\drivers\MSPQM.sys (manual start)
Controlador BIOS de Microsoft System Management: System32\DRIVERS\mssmbios.sys (manual start)
NaiFiltr: system32\DRIVERS\NaiFiltr.sys (manual start)
Norton AntiVirus Auto-Protect Service: "C:\Archivos de programa\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\ARCHIV~1\ARCHIV~1\SYMANT~1\VIRUSD~1\20051106.006\NAVENG.Sys (manual start)
NAVEX15: \??\C:\ARCHIV~1\ARCHIV~1\SYMANT~1\VIRUSD~1\20051106.006\NavEx15.Sys (manual start)
Controlador TAPI NDIS de acceso remoto: System32\DRIVERS\ndistapi.sys (manual start)
Protocolo E/S en modo de usuario NDIS: System32\DRIVERS\ndisuio.sys (manual start)
Controlador WAN NDIS de acceso remoto: System32\DRIVERS\ndiswan.sys (manual start)
Interfaz de NetBIOS: System32\DRIVERS\netbios.sys (system)
NetBios a través de Tcpip: System32\DRIVERS\netbt.sys (system)
DDE de red: %SystemRoot%\system32\netdde.exe (disabled)
DSDM de DDE de red: %SystemRoot%\system32\netdde.exe (disabled)
Inicio de sesión en red: %SystemRoot%\System32\lsass.exe (manual start)
Conexiones de red: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton AntiVirus Firewall Monitor Service: "C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe" (autostart)
Norton Protection Center Service: "C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Console\NSCSRVCE.EXE" (manual start)
Proveedor de compatibilidad con seguridad LM de Windows NT: %SystemRoot%\System32\lsass.exe (manual start)
Medios de almacenamiento extraíbles: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Controlador de filtro de tráfico IPX: System32\DRIVERS\nwlnkflt.sys (manual start)
Controlador retransmisor de tráfico IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)
Controlador de procesador PentiumIII de Intel: System32\DRIVERS\p3.sys (system)
Controlador de puerto paralelo: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Servicios IPSEC: %SystemRoot%\System32\lsass.exe (autostart)
Minipuerto WAN (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Almacenamiento protegido: %SystemRoot%\system32\lsass.exe (autostart)
Programador de paquetes QoS: System32\DRIVERS\psched.sys (manual start)
Controlador de vínculo paralelo directo: System32\DRIVERS\ptilink.sys (manual start)
W2K Pctel Serial Device Driver: System32\DRIVERS\ptserial.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Controlador de conexión automática de acceso remoto: System32\DRIVERS\rasacd.sys (system)
Administrador de conexión automática de acceso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Minipuerto WAN (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Administrador de conexión de acceso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Controlador de acceso remoto PPPOE: System32\DRIVERS\raspppoe.sys (manual start)
Paralelo directo: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Controlador de redireccionamiento de dispositivos de Terminal Server: System32\DRIVERS\rdpdr.sys (manual start)
Administrador de sesión de Ayuda de escritorio remoto: C:\WINDOWS\system32\sessmgr.exe (manual start)
Controlador de filtro de reproducción de CD de sonido digital: System32\DRIVERS\redbook.sys (system)
Enrutamiento y acceso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Registro remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Localizador de llamadas a procedimiento remoto (RPC): %SystemRoot%\System32\locator.exe (manual start)
Llamada a procedimiento remoto(RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Administrador de cuentas de seguridad: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Archivos de programa\Norton AntiVirus\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\Archivos de programa\Norton AntiVirus\SAVRTPEL.SYS (system)
Symantec AVScan: "C:\Archivos de programa\Norton AntiVirus\SAVScan.exe" (manual start)
Tarjeta inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)
Programador de tareas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Inicio de sesión secundario: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notificación de sucesos del sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Controlador de filtro Serenum: System32\DRIVERS\serenum.sys (manual start)
Controlador de puerto serie: System32\DRIVERS\serial.sys (system)
Firewall de Windows/Conexión compartida a Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Detección de hardware shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS300i: System32\DRIVERS\sis300ip.sys (manual start)
SiS630: System32\DRIVERS\sis630p.sys (manual start)
SiS AGP Filter: System32\DRIVERS\sisagp.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
Symantec Network Drivers Service: "C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe" (autostart)
SPBBCDrv: \??\C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
SPBBCSvc: "C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart)
Divisor de audio del núcleo de Microsoft: system32\drivers\splitter.sys (manual start)
Cola de impresión: %SystemRoot%\system32\spoolsv.exe (autostart)
Controlador de filtro de Restaurar sistema: System32\DRIVERS\sr.sys (system)
Servicio de restauración de sistema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
Servicio de descubrimientos SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Adquisición de imágenes de Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Controlador del bus de software: System32\DRIVERS\swenum.sys (manual start)
Sintetizador de tabla de onda Microsoft Kernel GS: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{ABCEFCEF-CCEA-45FE-881C-52EDCF004EE2} (manual start)
Symantec Core LC: "C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe" (autostart)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Archivos de programa\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SymcData\IDS-DI~1\20050901.036\symidsco.sys (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Dispositivo de sonido del sistema Kernel de Microsoft: system32\drivers\sysaudio.sys (manual start)
Registros y alertas de rendimiento: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonía: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Controlador de protocolo TCP/IP: System32\DRIVERS\tcpip.sys (system)
Controlador de dispositivo de terminal: System32\DRIVERS\termdd.sys (system)
Servicios de Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Cliente de seguimiento de vinculos distribuidos: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Dispositivo de actualización Microcode: System32\DRIVERS\update.sys (manual start)
Host de dispositivo Plug and Play universal: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Sistema de alimentación ininterrumpida: %SystemRoot%\System32\ups.exe (manual start)
Concentrador habilitado USB2: System32\DRIVERS\usbhub.sys (manual start)
Controlador minipuerto de la controladora de host abierto USB de Microsoft: System32\DRIVERS\usbohci.sys (manual start)
Clase de impresora USB de Microsoft: System32\DRIVERS\usbprint.sys (manual start)
Dispositivo de almacenamiento masivo de datos USB: System32\DRIVERS\USBSTOR.SYS (manual start)
Controlador de pantalla VGA.: \SystemRoot\System32\drivers\vga.sys (system)
W2K Vmodem: System32\DRIVERS\vmodem.sys (system)
W2K Vpctcom: System32\DRIVERS\vpctcom.sys (system)
Instantáneas de volumen: %SystemRoot%\System32\vssvc.exe (manual start)
W2K Vvoice: System32\DRIVERS\vvoice.sys (system)
Horario de Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Controlador ARP IP de acceso remoto: System32\DRIVERS\wanarp.sys (manual start)
Controlador de compatibilidad de audio Microsoft WINMM WDM: system32\drivers\wdmaud.sys (manual start)
Cliente Web: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Instrumental de administración de Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Extensiones de controlador de Instrumental de administración de Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Adaptador de rendimiento de WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Entorno de compatibilidad con proveedores de servicios no IFS de Windows Socket 2.0: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Centro de seguridad: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Actualizaciones automáticas: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Configuración inalámbrica rápida: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Servicio de aprovisionamiento de red: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Martina\CONFIG~1\Temp\symlcsv1.exe


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 37.251 bytes
Report generated in 4,186 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

Advertisements


#17
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
I don't see any signs of malware in that log. You may just need to install an updated driver for your keyboard.

Please visit this site.
http://www.driveragent.com/

It will scan your computer and let you know if there are updated drivers that you can install.
  • 0

#18
Martina2005

Martina2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
driveragent.com shows that my keyboard is ok, but I found out what happens: although when I press some keys different windows would open, I pressed ctrl+alt+supr to see the task admnistrator to see if it was a process I could close, and it is. Weird names apear in the list, and when I press "end process" the problem goes away, but it's just for a while, because then the problem reappears and I have to do it again. The weird names on the list that make the problem go away when I finish them are: ultman.exe ; alg.exe ; cidaemon.exe and taskmngr.exe... please help me so I can find out what it is, because even Norton can't seem to find anything weird on the system.
Thanks
  • 0

#19
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
The only one of those files that is suspicious is ultman.exe
The rest of them are normal system files.

Find ultman.exe on your computer and let me know what it is dated.

Please run at least two of these online scans.
Make sure they are set to clean automatically

Panda Virus Scan

Bit Defender

TrendMicro Housecall

There may be files that these scans will not remove. Please include that information in your next post.


Reboot and post a new hijackthis log and the info from your virus scans.
  • 0

#20
Martina2005

Martina2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi again. I found the file utilman.exe in C:\WINDOWS\SYSTEM32, C:\WINDOWS\Prefetch and C:\WINDOWS\ServicePackFiles\i386 ; I ran the online antivirus' but they didn't find anything. But when I close msmsgs.exe or another process I don't remember now, I also eliminate the problem for a while and am able to write. I don't know if it helps, but a couple weeks ago, a window popped up telling me something like "windows messenger was trying to take control of the mouse and keyboard, allow/don´t allow" obviously I pressed "don't", and then uninstalled the program. I don't know if that has something to do with this though. Well, thanks for your patience.. REALLY
Martina
  • 0

#21
Martina2005

Martina2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I had ran 2 of the antivirus' from the list but now I ran bit defender and it found a list of infections, here's the report:
Scanned File


Status

C:\Archivos de programa\netpumper-1[1].10.3-setup.exe=>(Instyler o)=>(Instyler Module 55)=>(ZIP Sfx s)=>cd_htm.dll


Detected with: Adware.CyDoor

C:\Archivos de programa\netpumper-1[1].10.3-setup.exe=>(Instyler o)=>(Instyler Module 55)=>(ZIP Sfx s)=>cd_htm.dll


Disinfection failed

C:\Archivos de programa\netpumper-1[1].10.3-setup.exe=>(Instyler o)=>(Instyler Module 55)=>(ZIP Sfx s)=>cd_htm.dll


Deleted

C:\Archivos de programa\netpumper-1[1].10.3-setup.exe=>(Instyler o)=>(Instyler Module 55)=>(ZIP Sfx s)


Updated

C:\Archivos de programa\netpumper-1[1].10.3-setup.exe=>(Instyler o)=>(Instyler Module 55)


Update failed

C:\Archivos de programa\netpumper-1[1].10.3-setup.exe=>(Instyler o)=>(Instyler Module 57)=>(NSIS o)=>bzip2_nsis0007


Detected with: Application.Adware.CommonName.A

C:\Archivos de programa\netpumper-1[1].10.3-setup.exe=>(Instyler o)=>(Instyler Module 57)=>(NSIS o)=>bzip2_nsis0007


Disinfection failed

C:\Archivos de programa\netpumper-1[1].10.3-setup.exe=>(Instyler o)=>(Instyler Module 57)=>(NSIS o)=>bzip2_nsis0007


Deleted

C:\Archivos de programa\netpumper-1[1].10.3-setup.exe=>(Instyler o)=>(Instyler Module 57)=>(NSIS o)


Update failed

C:\Archivos de programa\BSINSTALL.exe=>wise0034


Detected with: Adware.WhenU.SaveNow

C:\Archivos de programa\BSINSTALL.exe=>wise0034


Disinfection failed

C:\Archivos de programa\BSINSTALL.exe=>wise0034


Deleted

C:\Archivos de programa\BSINSTALL.exe


Update failed

C:\Archivos de programa\emule-1.0.6.exe=>(NSIS o)=>lzma_nsis0012=>(NSIS o)=>zlib_nsis0002


Infected with: Trojan.Clicker.Vb.DN

C:\Archivos de programa\emule-1.0.6.exe=>(NSIS o)=>lzma_nsis0012=>(NSIS o)=>zlib_nsis0002


Disinfection failed

C:\Archivos de programa\emule-1.0.6.exe=>(NSIS o)=>lzma_nsis0012=>(NSIS o)=>zlib_nsis0002


Deleted

C:\Archivos de programa\emule-1.0.6.exe=>(NSIS o)=>lzma_nsis0012=>(NSIS o)


Update failed

D:\iMeshV4.exe=>wise0020


Detected with: Application.Adware.Gator

D:\iMeshV4.exe=>wise0020


Disinfection failed

D:\iMeshV4.exe=>wise0020


Deleted

D:\iMeshV4.exe


Update failed
  • 0

#22
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Does Mcafee still find a virus on your computer?
Any difference in how your keyboard works?
  • 0

#23
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP