WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Win32/Patched.do

2 posters

descriptionWin32/Patched.do - Page 1 EmptyRe: Win32/Patched.do23rd April 2010, 3:48 pm

more_horiz
Yes please.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Win32/Patched.do - Page 1 DXwU4
Win32/Patched.do - Page 1 VvYDg

descriptionWin32/Patched.do - Page 1 EmptyRe: Win32/Patched.do23rd April 2010, 8:29 pm

more_horiz
Will do ASAP.

descriptionWin32/Patched.do - Page 1 EmptyRe: Win32/Patched.do23rd April 2010, 8:48 pm

more_horiz
ComboFix 10-04-21.01 - Becky 04/23/2010 16:41:06.2.2 - x86
Running from: c:\documents and settings\Becky\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Becky\Local Settings\Temporary Internet Files\plot.log

.
((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
.

2010-04-22 19:21 . 2010-04-22 19:21 -------- d-----w- C:\_OTL
2010-04-22 15:10 . 2010-04-22 15:10 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-22 13:59 . 2010-04-22 14:15 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-21 18:57 . 2010-04-22 14:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-21 18:57 . 2010-04-22 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-21 18:44 . 2010-04-21 18:45 787000 ----a-w- c:\program files\prevxcsifree.exe
2010-04-21 13:29 . 2010-04-21 13:29 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-21 13:26 . 2010-04-22 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-21 13:23 . 2010-04-21 13:24 97364760 ----a-w- c:\program files\Ad-AwareInstaller.exe
2010-04-21 13:22 . 2010-04-21 13:30 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-04-21 13:05 . 2010-04-21 13:05 562840 ----a-w- c:\program files\ChromeSetup.exe
2010-04-20 15:49 . 2010-04-20 15:49 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-20 15:48 . 2010-04-20 15:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-20 15:48 . 2010-04-21 15:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-07 19:13 . 2010-04-07 19:13 -------- d-----w- c:\program files\Common Files\Data Dynamics
2010-04-07 19:13 . 2010-04-07 19:13 -------- d-----w- c:\program files\Common Files\Bentley Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 16:20 . 2008-04-14 12:00 5888 ----a-w- c:\windows\system32\drivers\dmload.sys
2010-04-22 15:11 . 2009-09-12 20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-22 14:03 . 2009-08-05 15:40 -------- d-----w- c:\program files\Yahoo!
2010-04-22 14:03 . 2009-08-05 15:48 -------- d-----w- c:\documents and settings\Becky\Application Data\Yahoo!
2010-04-22 14:03 . 2009-08-05 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-04-20 18:01 . 2009-12-28 20:13 -------- d-----w- c:\program files\Common Files\Apple
2010-04-20 17:46 . 2009-08-07 14:06 -------- d-----w- c:\program files\A2C32
2010-04-20 16:01 . 2009-12-22 16:06 -------- d-----w- c:\program files\Google
2010-04-19 15:13 . 2009-10-13 21:06 910232 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-14 07:03 . 2009-08-04 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-07 19:40 . 2009-08-04 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Bentley
2010-04-07 19:13 . 2009-08-04 18:12 -------- d-----w- c:\program files\Bentley
2010-03-30 04:46 . 2009-09-12 20:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2009-09-12 20:00 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 17:19 . 2010-03-23 17:19 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-23 17:19 . 2010-03-23 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-03-14 02:00 . 2010-02-24 01:43 -------- d-----w- c:\program files\AutoCAD 2010
2010-03-12 18:16 . 2010-03-12 18:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-11 16:54 . 2010-02-10 15:43 0 ------w- c:\documents and settings\Becky\Application Data\Sun\Java\Deployment\cache\6.0\ext\E1265816595452\jre-1_5_0_08-windows-i586-p-iftw.exe
2010-03-11 12:38 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 21:15 . 2010-03-10 21:15 36864 ----a-w- c:\documents and settings\Becky\Application Data\Autodesk\AutoCAD 2010\R18.0\enu\ContextualTabSelectorRules.dll
2010-03-09 11:09 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 01:26 . 2010-02-26 01:26 -------- d-----w- c:\program files\Raster Design 2010 OE
2010-02-25 22:11 . 2010-02-25 01:08 -------- d-----w- c:\program files\AutoCAD Civil 3D 2010
2010-02-25 20:27 . 2010-02-25 20:27 700784 ----a-w- c:\program files\GoogleCalendarSync_Installer.exe
2010-02-25 13:42 . 2010-02-25 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-25 02:49 . 2010-02-25 02:49 81920 ----a-w- c:\documents and settings\Becky\Application Data\Autodesk\C3D 2010\enu\ContextualTabSelectorRules.dll
2010-02-25 02:49 . 2009-08-04 16:17 100056 ----a-w- c:\documents and settings\Becky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 02:12 . 2009-08-04 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-02-25 02:11 . 2009-08-04 14:53 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-02-25 01:15 . 2009-08-04 14:53 -------- d-----w- c:\program files\Autodesk
2010-02-25 01:09 . 2009-08-04 14:53 -------- d-----w- c:\documents and settings\Becky\Application Data\Autodesk
2010-02-25 01:07 . 2010-02-25 01:07 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-25 01:07 . 2010-02-25 01:07 -------- d-----w- c:\program files\Microsoft Visual Basic 2005 Power Packs
2010-02-25 01:07 . 2010-02-25 01:07 -------- d-----w- c:\program files\Microsoft SDKs
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-21 01:09 . 2010-02-21 01:09 622592 ----a-w- c:\documents and settings\All Users\Application Data\Autodesk\C3D 2010\enu\Data\Reports\Net\en-US\C3DReport.resources.dll
2010-02-21 01:03 . 2010-02-21 01:03 223800 ----a-w- c:\documents and settings\All Users\Application Data\Autodesk\C3D 2010\enu\Data\Reports\Net\Office.dll
2010-02-21 01:03 . 2010-02-21 01:03 662120 ----a-w- c:\documents and settings\All Users\Application Data\Autodesk\C3D 2010\enu\Data\Reports\Net\Microsoft.Office.Interop.Word.dll
2010-02-21 01:03 . 2010-02-21 01:03 64088 ----a-w- c:\documents and settings\All Users\Application Data\Autodesk\C3D 2010\enu\Data\Reports\Net\Microsoft.Vbe.Interop.dll
2010-02-21 01:03 . 2010-02-21 01:03 1100392 ----a-w- c:\documents and settings\All Users\Application Data\Autodesk\C3D 2010\enu\Data\Reports\Net\Microsoft.Office.Interop.Excel.dll
2010-02-21 01:03 . 2010-02-21 01:03 2850816 ----a-w- c:\documents and settings\Becky\Application Data\Autodesk\C3D 2010\enu\Support\Civil.dll
2010-02-21 01:03 . 2010-02-21 01:03 2850816 ----a-w- c:\documents and settings\Becky\Application Data\Autodesk\C3D 2010\enu\Support\C3D.dll
2010-02-16 14:08 . 2008-04-14 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-12-28 20:12 . 2009-12-28 20:12 93234472 ----a-w- c:\program files\iTunesSetup.exe
2009-12-22 16:05 . 2009-12-22 16:05 564064 ----a-w- c:\program files\googleupdatesetup.exe
2009-08-19 17:43 . 2009-08-19 17:41 37381304 ----a-w- c:\program files\HEC-RAS_40_Beta_Setup.exe
2009-08-18 13:42 . 2009-08-18 13:42 28275440 ----a-w- c:\program files\125060294356.zip
2009-08-05 15:47 . 2009-08-05 15:47 442080 ----a-w- c:\program files\msgr9us.exe
2008-03-07 20:49 . 2008-03-07 20:49 9285632 ----a-w- c:\program files\HydraflowExpress.exe
2008-03-07 20:49 . 2008-03-07 20:49 5693440 ----a-w- c:\program files\Hydro2007.exe
2008-03-07 20:49 . 2008-03-07 20:49 7053312 ----a-w- c:\program files\Storm2009.exe
2008-03-07 20:49 . 2008-03-07 20:49 6850 ----a-w- c:\program files\Storm2009.ini
2008-03-07 20:49 . 2008-03-07 20:49 2602 ----a-w- c:\program files\AllFields.rpt
2008-03-07 20:48 . 2008-03-07 20:48 3883846 ----a-w- c:\program files\Storm_Sewers_User_Guide.pdf
2008-03-07 20:48 . 2008-03-07 20:48 1216 ----a-w- c:\program files\Express.ini
2008-03-07 20:48 . 2008-03-07 20:48 884140 ----a-w- c:\program files\Hydrographs.chm
2008-03-07 20:48 . 2008-03-07 20:48 482979 ----a-w- c:\program files\Storm_Sewers.chm
2008-03-07 20:48 . 2008-03-07 20:48 2928916 ----a-w- c:\program files\Hydrographs_User_Guide.pdf
2008-03-07 20:48 . 2008-03-07 20:48 1180801 ----a-w- c:\program files\Express_User_Guide.pdf
2007-10-05 15:40 . 2007-10-05 15:40 9512 ----a-w- c:\program files\Hydro2007.ini
2007-04-30 20:38 . 2007-04-30 20:38 598 ----a-w- c:\program files\Storm2008.exe.manifest
2007-03-21 21:07 . 2007-03-21 21:07 486562 ----a-w- c:\program files\Sample2007.gpw
2007-03-21 20:48 . 2007-03-21 20:48 85431 ----a-w- c:\program files\PondToolsExample.gpw
2007-03-21 19:44 . 2007-03-21 19:44 141075 ----a-w- c:\program files\PreandPostDevelopment2007.gpw
2007-02-07 20:28 . 2007-02-07 20:28 208841 ----a-w- c:\program files\WatershedBasics2007.gpw
2007-01-24 15:29 . 2007-01-24 15:29 288 ----a-w- c:\program files\Sample.pcp
2006-12-13 16:29 . 2006-12-13 16:29 8783 ----a-w- c:\program files\Sample.cds
2006-12-13 16:17 . 2006-12-13 16:17 392 ----a-w- c:\program files\SampleFHA.idf
2006-12-13 16:17 . 2006-12-13 16:17 327790 ----a-w- c:\program files\Interconnected.gpw
2006-10-09 20:47 . 2006-10-09 20:47 5117 ----a-w- c:\program files\SampleExpress.hxp
2006-02-07 20:43 . 2006-02-07 20:43 508 ----a-w- c:\program files\FLZone1H.IDF
2006-01-26 20:13 . 2006-01-26 20:13 189 ----a-w- c:\program files\SampleExpress.pcp
2005-11-14 16:39 . 2005-11-14 16:39 426 ----a-w- c:\program files\SampleExpress.IDF
2005-04-01 14:54 . 2005-04-01 14:54 637 ----a-w- c:\program files\HydraflowExpress.exe.manifest
2004-10-18 22:29 . 2004-10-18 22:29 508 ----a-w- c:\program files\FLZone1.IDF
2004-04-02 13:47 . 2004-04-02 13:47 8715 ----a-w- c:\program files\NJWaterQuality.cds
2003-12-15 22:01 . 2003-12-15 22:01 9554 ----a-w- c:\program files\TypeIIAsCustom.cds
2003-02-06 21:22 . 2003-02-06 21:22 596 ----a-w- c:\program files\Hydro2007.exe.manifest
2001-08-18 10:00 . 2001-08-18 10:00 7376 ----a-w- c:\program files\InsJunct.WAV
2001-08-18 10:00 . 2001-08-18 10:00 1290 ----a-w- c:\program files\Undo.WAV
1999-08-20 16:18 . 1999-08-20 16:18 13920 ----a-w- c:\program files\DelLine.wav
1999-01-21 13:55 . 1999-01-21 13:55 382 ----a-w- c:\program files\Click.wav
1999-01-21 13:55 . 1999-01-21 13:55 1128 ----a-w- c:\program files\Snapped.WAV
1999-01-21 13:55 . 1999-01-21 13:55 10200 ----a-w- c:\program files\AddLine.wav
1996-04-12 22:19 . 1996-04-12 22:19 11520 ----a-w- c:\program files\Compute.wav
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-05-14 244208]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-03 21:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/3/2009 5:13 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/3/2009 5:12 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/3/2009 5:13 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/3/2009 5:12 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/3/2009 5:12 PM 297752]
R2 DWP_Proxy_Service;DWP Local Proxy Service;c:\program files\Webroot\Desktop Web Proxy\wsdwpps.exe [11/13/2009 5:01 AM 521640]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 12:06 PM 135664]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [5/14/2008 10:32 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [5/14/2008 10:32 AM 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\Becky\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Becky\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [5/14/2008 10:31 AM 1120752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 16:06]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 16:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = localhost:3128
uInternet Settings,ProxyOverride = ftp.mcgillengineers.com;vision.mcgillengineers.com;webmail.mcgillengineers.com;sponsorinsight.com;kh.google.com;mw1.google.com;mw2.google.com;cbk0.google.com;mt0.google.com;*216.119.24.47;*209.137.246.138*;*208.93.105.94*;*yellowpages.com*;wbir.com;mcgillbidline.com;maps.haywoodnc.net
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mcgillengineers.com\vision
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\98cw94wt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - weather.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - localhost
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 16:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\a7a1435d-ff7b-41a1-a85f-c7119fe3b904.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(784)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2010-04-23 16:46:43
ComboFix-quarantined-files.txt 2010-04-23 20:46

Pre-Run: 116,485,554,176 bytes free
Post-Run: 116,482,240,512 bytes free

- - End Of File - - 2CB2DF463E4C399FF07F51BE4BB3F9E1

descriptionWin32/Patched.do - Page 1 EmptyRe: Win32/Patched.do23rd April 2010, 10:23 pm

more_horiz
Hello.
We need to check for a rootkit:

Download the GMER rootkit scan from here: GMER

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Win32/Patched.do - Page 1 DXwU4
Win32/Patched.do - Page 1 VvYDg

descriptionWin32/Patched.do - Page 1 EmptyRe: Win32/Patched.do25th April 2010, 1:48 am

more_horiz
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-24 15:10:03
Windows 5.1.2600 Service Pack 3
Running: e268bunv.exe; Driver: C:\DOCUME~1\Becky\LOCALS~1\Temp\kwtdapob.sys


---- System - GMER 1.0.15 ----

INT 0x01 ? B83C92A4

Code \??\C:\DOCUME~1\Becky\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6843380, 0x3DEB95, 0xE8000020]
? C:\DOCUME~1\Becky\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E352046 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FC7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35200B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F53 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F8D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!DialogBoxIndirectParamA 7E456D7D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352081 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E352243 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

descriptionWin32/Patched.do - Page 1 EmptyRe: Win32/Patched.do25th April 2010, 8:51 pm

more_horiz
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Win32/Patched.do - Page 1 DXwU4
Win32/Patched.do - Page 1 VvYDg

descriptionWin32/Patched.do - Page 1 EmptyRe: Win32/Patched.do26th April 2010, 12:30 am

more_horiz
Seems to be running great. I will watch it for a day or two. Thanks once again for your assistance. I will be donating. Have a great day.

descriptionWin32/Patched.do - Page 1 EmptyRe: Win32/Patched.do26th April 2010, 9:15 pm

more_horiz
We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck. Big Grin

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Win32/Patched.do - Page 1 DXwU4
Win32/Patched.do - Page 1 VvYDg

descriptionWin32/Patched.do - Page 1 EmptyRe: Win32/Patched.do

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum