Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer hacked: Firewall turned off, Windows update blocked, AVG rem


  • Please log in to reply

#1
edumasc

edumasc

    New Member

  • Member
  • Pip
  • 7 posts
Dear Geeks,

I am visiting my mother over the weekend and I found that her computer got some type of malware / trojan. The main characteristics are:

1. Windows update will not work (control panel will not let you update it)
2. AVG was removed
3. Firewall was turned off
4. Firefox was removed

I decided to fix a bit the problem before coming to this forum. Firstly, turned on the firewall. I was able to update the windows (although I am still unable to access the control panel and configure auto-update / manual update for future updates). I did install Malwarebytes software and about 30 malware were found and fixed.

Would you be able to help checking if the computer is OK now and how to "turn on" the Windows update in control panel?

I am sending log file obtained by OTL / hijackthis:

OTL logfile created on: 23/6/2012 10:35:35 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Flor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1015,23 Mb Total Physical Memory | 198,45 Mb Available Physical Memory | 19,55% Memory free
2,39 Gb Paging File | 1,31 Gb Available in Paging File | 54,91% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,52 Gb Total Space | 60,81 Gb Free Space | 81,60% Space Free | Partition Type: NTFS

Computer Name: TEST-FD715658FD | User Name: Flor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 10:35:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Flor\Desktop\OTL.exe
PRC - [2012/04/04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 14:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/12 16:30:44 | 000,918,880 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2011/10/07 06:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Arquivos de programas\Logitech\SetPointP\SetPoint.exe
PRC - [2011/10/04 10:44:44 | 000,211,912 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2011/09/27 16:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Arquivos de programas\Arquivos comuns\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2011/06/09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
PRC - [2008/04/13 23:20:58 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/01 09:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/01 09:21:30 | 000,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
PRC - [2007/06/01 09:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/05/06 06:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/05/06 06:10:44 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/03 07:39:42 | 002,221,568 | ---- | M] () -- C:\Documents and Settings\Flor\Dados de aplicativos\wx3.cpl
MOD - [2012/06/03 07:39:42 | 001,244,672 | ---- | M] () -- C:\Documents and Settings\Flor\Dados de aplicativos\wx1.cpl
MOD - [2012/06/03 07:39:42 | 000,724,992 | ---- | M] () -- C:\Documents and Settings\Flor\Dados de aplicativos\wx6.cpl
MOD - [2012/03/12 16:30:44 | 000,918,880 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/12 16:30:38 | 001,869,152 | ---- | M] () -- C:\Arquivos de programas\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
MOD - [2012/01/03 20:59:42 | 001,036,288 | ---- | M] () -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\plug_ins\PPKLITE.PTB
MOD - [2011/10/07 06:41:16 | 000,879,896 | ---- | M] () -- C:\Arquivos de programas\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2009/11/05 06:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/10/03 00:48:52 | 000,102,400 | ---- | M] () -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\plug_ins\EScript.PTB
MOD - [2009/10/03 00:46:34 | 000,012,288 | ---- | M] () -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\plug_ins\updater.PTB
MOD - [2009/02/27 17:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB
MOD - [2009/02/27 17:47:40 | 000,266,240 | ---- | M] () -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\plug_ins\DigSig.PTB
MOD - [2009/02/27 17:47:16 | 001,687,552 | ---- | M] () -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\plug_ins\Annots.PTB
MOD - [2009/02/27 17:46:10 | 000,987,136 | ---- | M] () -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\plug_ins\Acroform.PTB
MOD - [2009/02/27 17:45:50 | 000,077,824 | ---- | M] () -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\plug_ins\accessibility.PTB
MOD - [2009/02/27 12:21:30 | 000,319,488 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroPDF.PTB
MOD - [2008/04/13 23:20:33 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/06/22 18:23:01 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/12 16:30:44 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2011/11/10 10:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Arquivos de programas\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/10/04 10:44:44 | 000,211,912 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2011/09/27 16:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/06/01 09:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/05/06 06:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/04 14:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 10:48:06 | 000,047,304 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/09/02 03:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 03:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 03:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/07 16:35:54 | 000,455,168 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/11/07 16:35:52 | 000,561,536 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/04/13 15:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007/05/06 06:12:00 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/12/14 05:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 19:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-03-10 17:53:51&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 8.8.8.8:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.hotmail.com"
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:2.8.0.2.36
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.18.1
FF - prefs.js..keyword.URL: "http://isearch.avg.c...3:51&sap=ku&q="
FF - prefs.js..network.proxy.http: "8.8.8.8"
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Arquivos de programas\AVG\AVG2012\Firefox4\ File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search\10.2.0.3\ [2012/03/12 16:30:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins File not found

[2011/01/31 20:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Flor\Dados de aplicativos\Mozilla\Extensions
[2012/04/26 07:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Flor\Dados de aplicativos\Mozilla\Firefox\Profiles\w3bl7wz3.default\extensions
[2012/04/24 10:28:06 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Documents and Settings\Flor\Dados de aplicativos\Mozilla\Firefox\Profiles\w3bl7wz3.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2011/02/15 17:32:27 | 000,009,968 | ---- | M] () -- C:\Documents and Settings\Flor\Dados de aplicativos\Mozilla\Firefox\Profiles\w3bl7wz3.default\searchplugins\mywebsearch.xml
[2011/01/26 23:15:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/12 16:30:55 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\AVG SECURE SEARCH\10.2.0.3
[2012/04/24 10:21:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/12 16:30:37 | 000,003,769 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/12 21:01:36 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml
[2012/02/12 21:01:36 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml
[2012/02/12 21:01:36 | 000,002,040 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml
[2012/02/12 21:01:36 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/02/12 21:01:36 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2011/12/15 16:16:57 | 000,000,774 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] "C:\Arquivos de programas\AVG\AVG2012\avgtray.exe" File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Arquivos de programas\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Name of App] C:\Arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Arquivos de programas\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [px1] C:\Documents and Settings\Flor\Dados de aplicativos\px1.cpl File not found
O4 - HKCU..\Run: [px2] C:\Documents and Settings\Flor\Dados de aplicativos\TEST-FD715658FD.lnk ()
O4 - HKCU..\Run: [px3] C:\Documents and Settings\Flor\Dados de aplicativos\px3.cpl File not found
O4 - HKCU..\Run: [px5] C:\Documents and Settings\Flor\Dados de aplicativos\px5.exe File not found
O4 - HKCU..\Run: [px5x] C:\Documents and Settings\Flor\Dados de aplicativos\flash.exe File not found
O4 - HKCU..\Run: [px6] C:\Documents and Settings\Flor\Dados de aplicativos\px6.cpl File not found
O4 - HKCU..\Run: [wx1] C:\Documents and Settings\Flor\Dados de aplicativos\wx1.cpl ()
O4 - HKCU..\Run: [wx2] C:\Documents and Settings\Flor\Dados de aplicativos\TEST-FD715658FD.lnk ()
O4 - HKCU..\Run: [wx3] C:\Documents and Settings\Flor\Dados de aplicativos\wx3.cpl ()
O4 - HKCU..\Run: [wx5] C:\Documents and Settings\Flor\Dados de aplicativos\wx5.exe File not found
O4 - HKCU..\Run: [wx6] C:\Documents and Settings\Flor\Dados de aplicativos\wx6.cpl ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancoreal.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www2] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: santander.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: santanderempresarial.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: santandernetibe.com.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] https in Sites confiáveis)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Detecção de dispositivo)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340386310546 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340386288062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.santand...GbPluginABN.cab (GbPluginObj Class)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphot.../HPSWUpdate.ocx (CUpdateCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 198.153.194.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325F899D-75BB-4BB4-8F9B-6C9BCA86460D}: DhcpNameServer = 8.8.8.8 198.153.194.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325F899D-75BB-4BB4-8F9B-6C9BCA86460D}: NameServer = 8.8.8.8,208.67.222.222
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\ARQUIV~1\GbPlugin\gbiehAbn.dll) - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\arquivos de programas\arquivos comuns\logishrd\bluetooth\LBTWlgn.dll) - c:\Arquivos de programas\Arquivos comuns\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/26 19:43:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f5f9aa9e-2ed1-11e0-819f-001e90c77f2d}\Shell - "" = AutoRun
O33 - MountPoints2\{f5f9aa9e-2ed1-11e0-819f-001e90c77f2d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qUuoxa.Exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\ARQUIV~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 10:35:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Flor\Desktop\OTL.exe
[2012/06/22 20:36:00 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Flor\Desktop\HijackThis.exe
[2012/06/22 18:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flor\Configurações locais\Dados de aplicativos\Logishrd
[2012/06/22 18:22:21 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Logitech
[2012/06/22 17:49:26 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/22 14:33:05 | 000,015,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/22 14:30:26 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/23 10:35:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Flor\Desktop\OTL.exe
[2012/06/23 10:21:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/22 21:12:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/22 20:36:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Flor\Desktop\HijackThis.exe
[2012/06/22 18:57:54 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/22 18:23:51 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2012/06/22 18:22:57 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/22 18:22:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/22 18:07:29 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/22 17:52:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/22 14:51:56 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2012/06/04 17:35:32 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/06/03 19:42:36 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2012/06/03 19:40:45 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Flor\default.pls
[2012/06/03 19:39:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/06/03 07:39:57 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Flor\Dados de aplicativos\idx
[2012/06/03 07:39:42 | 002,221,568 | ---- | M] () -- C:\Documents and Settings\Flor\Dados de aplicativos\wx3.cpl
[2012/06/03 07:39:42 | 001,244,672 | ---- | M] () -- C:\Documents and Settings\Flor\Dados de aplicativos\wx1.cpl
[2012/06/03 07:39:42 | 000,839,680 | ---- | M] () -- C:\Documents and Settings\Flor\Dados de aplicativos\wx2.cpl
[2012/06/03 07:39:42 | 000,724,992 | ---- | M] () -- C:\Documents and Settings\Flor\Dados de aplicativos\wx6.cpl
[2012/06/03 07:39:20 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\Flor\Dados de aplicativos\id
[2012/06/02 15:19:48 | 000,015,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/06/02 15:19:24 | 000,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/05/31 10:21:57 | 000,605,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/26 08:06:23 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\Flor\Desktop\Sucesso.pps
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/22 14:51:56 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2012/06/22 14:30:28 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/03 07:39:57 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Flor\Dados de aplicativos\idx
[2012/06/03 07:39:42 | 002,221,568 | ---- | C] () -- C:\Documents and Settings\Flor\Dados de aplicativos\wx3.cpl
[2012/06/03 07:39:42 | 001,244,672 | ---- | C] () -- C:\Documents and Settings\Flor\Dados de aplicativos\wx1.cpl
[2012/06/03 07:39:42 | 000,839,680 | ---- | C] () -- C:\Documents and Settings\Flor\Dados de aplicativos\wx2.cpl
[2012/06/03 07:39:42 | 000,724,992 | ---- | C] () -- C:\Documents and Settings\Flor\Dados de aplicativos\wx6.cpl
[2012/05/26 08:06:22 | 000,228,864 | ---- | C] () -- C:\Documents and Settings\Flor\Desktop\Sucesso.pps
[2012/05/16 18:32:22 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Flor\Dados de aplicativos\fa
[2012/05/16 18:30:19 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Flor\Dados de aplicativos\TEST-FD715658FD.lnk
[2012/05/12 20:33:52 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/16 07:46:29 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Flor\Dados de aplicativos\id
[2012/02/16 07:35:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/04/18 06:53:59 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/02/19 12:22:17 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/01 08:48:15 | 000,019,568 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/02/01 08:46:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/01/31 20:52:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/31 20:32:47 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Flor\default.pls
[2011/01/31 20:32:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/31 20:32:08 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Flor\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/28 10:12:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/01/26 23:06:52 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/01/26 21:56:47 | 000,117,800 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2011/01/26 21:37:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/26 20:39:45 | 000,150,761 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2011/01/26 20:39:44 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2011/01/26 20:28:36 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Flor\Dados de aplicativos\SamsungLiveUpdateConfig.ini
[2011/01/26 20:19:20 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2011/01/26 19:44:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/26 19:40:28 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/26 17:27:04 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/26 17:26:11 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:171E9AE7_Bb.gbp
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:171E9AE7_Abn.gbp
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D1B5B4F1

< End of report >


*****************************************For further info, a hijackthis LOG *****************************************************************

ogfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:48:41, on 23/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\sttray.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Arquivos de programas\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Arquivos comuns\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Flor\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 8.8.8.8:80
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Name of App] C:\Arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Arquivos de programas\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Arquivos de programas\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [EvtMgr6] C:\Arquivos de programas\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [px2] C:\Documents and Settings\Flor\Dados de aplicativos\TEST-FD715658FD.lnk
O4 - HKCU\..\Run: [px1] C:\Documents and Settings\Flor\Dados de aplicativos\px1.cpl
O4 - HKCU\..\Run: [px3] C:\Documents and Settings\Flor\Dados de aplicativos\px3.cpl
O4 - HKCU\..\Run: [px5] C:\Documents and Settings\Flor\Dados de aplicativos\px5.exe
O4 - HKCU\..\Run: [px6] C:\Documents and Settings\Flor\Dados de aplicativos\px6.cpl
O4 - HKCU\..\Run: [px5x] C:\Documents and Settings\Flor\Dados de aplicativos\flash.exe
O4 - HKCU\..\Run: [wx3] C:\Documents and Settings\Flor\Dados de aplicativos\wx3.cpl
O4 - HKCU\..\Run: [wx5] C:\Documents and Settings\Flor\Dados de aplicativos\wx5.exe
O4 - HKCU\..\Run: [wx2] C:\Documents and Settings\Flor\Dados de aplicativos\TEST-FD715658FD.lnk
O4 - HKCU\..\Run: [wx1] C:\Documents and Settings\Flor\Dados de aplicativos\wx1.cpl
O4 - HKCU\..\Run: [wx6] C:\Documents and Settings\Flor\Dados de aplicativos\wx6.cpl
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Detecção de dispositivo) - http://www.logitech....Detection32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1340386310546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1340386288062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.santand...GbPluginABN.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphot.../HPSWUpdate.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{325F899D-75BB-4BB4-8F9B-6C9BCA86460D}: NameServer = 8.8.8.8,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{325F899D-75BB-4BB4-8F9B-6C9BCA86460D}: NameServer = 8.8.8.8,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Arquivos de programas\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - Unknown owner - C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe (file missing)
O23 - Service: Watchdog do AVG (avgwd) - Unknown owner - C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Arquivos de programas\Arquivos comuns\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

--
End of file - 14374 bytes

BTW,would you recommend any software to protect my mother (she is not no experienced at all!) and she likes to open those powerpoint presentations from friends... :-)

Thank you very much for your help!
edumasc
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP