Mighty Magoo



louisc
2010-12-03, 02:08
I can't get rid of Mighty Magoo no matter what I have tried. It highlights words in websites and puts ads on them. I went to all the file paths that I saw here that were associated with it, and I deleted all the contents. It still is a problem but there are no files in the folders as far as I can see.

Thanks

DDS (Ver_10-11-27.01) - NTFSx86
Run by Louis Connelly at 19:50:14.20 on Thu 12/02/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2520.1281 [GMT -5:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Louis Connelly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Louis Connelly\Downloads\dds (1).com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Mighty Magoo Text: {97e74a14-e5f1-40cc-9b0f-0d11946e5469} - c:\program files\mighty magoo\mmagootl.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
uRun: [Google Update] "c:\users\louis connelly\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [googletalk] c:\users\louis connelly\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Mightymagoo] c:\program files\mighty magoo\mightymagoo32.exe a
StartupFolder: c:\users\louisc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\louisc~1\appdata\roaming\mozilla\firefox\profiles\4b7gg11j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
FF - component: c:\users\louis connelly\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\louis connelly\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\louis connelly\appdata\roaming\mozilla\firefox\profiles\4b7gg11j.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\louis connelly\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\louis connelly\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\louisc~1\appdata\roaming\mozilla\firefox\profiles\4b7gg11j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: TVU Web Player: firefox@tvunetworks.com - c:\users\louisc~1\appdata\roaming\mozilla\firefox\profiles\4b7gg11j.default\extensions\firefox@tvunetworks.com

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-9-29 1831024]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-28 102448]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-15 1343400]

=============== Created Last 30 ================

2010-12-02 23:53:41 -------- d-----w- c:\users\louisc~1\appdata\roaming\SUPERAntiSpyware.com
2010-12-02 23:53:41 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-02 23:53:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-02 19:43:02 -------- d-----w- c:\users\louisc~1\appdata\roaming\Malwarebytes
2010-12-02 19:42:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-02 19:42:47 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-02 19:42:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 19:42:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-02 19:35:17 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-12-02 19:24:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-02 19:22:31 -------- d-----w- c:\progra~2\Hitman Pro
2010-12-02 03:38:32 -------- d-----w- c:\users\louisc~1\appdata\roaming\GetRightToGo
2010-12-01 05:09:16 388096 ----a-r- c:\users\louisc~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-01 05:09:14 -------- d-----w- c:\program files\Trend Micro
2010-11-27 17:28:14 -------- d-----w- c:\program files\Dogpile Bundle Toolbar
2010-11-24 21:43:07 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-22 01:30:43 -------- d-----w- c:\users\louisc~1\appdata\roaming\OpenOffice.org
2010-11-22 01:19:38 -------- d-----w- c:\program files\JRE
2010-11-22 01:18:08 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-20 18:46:48 -------- d-----w- C:\Stata8
2010-11-20 18:46:46 -------- d-----w- C:\DATA
2010-11-18 20:33:49 -------- d-----w- c:\program files\Sun
2010-11-18 02:43:38 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-17 03:30:53 -------- d-----w- c:\program files\Paint.NET
2010-11-17 03:30:25 -------- d-----w- c:\users\louisc~1\appdata\local\Paint.NET
2010-11-09 11:57:18 -------- d-----w- C:\5bf1ea40badf1087cc5c0c6a
2010-11-06 16:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 16:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-29 10:16:38 89600 ----a-w- c:\windows\system32\atl71.dll
2010-09-29 10:16:38 87368 ----a-w- c:\windows\system32\FwsVpn.dll
2010-09-29 10:16:38 107848 ----a-w- c:\windows\system32\SymVPN.dll
2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

============= FINISH: 19:50:33.93 ===============

louisc
2010-12-03, 02:53
Never mind,

I solved it.

Method:

I went to the files that you can see in the log.
Deleted them.

That didn't work.

I re-installed Firefox; that worked for Firefox but didn't help with Chrome.

Then I went into Firefox and Chrome's extensions. In Firefox I just disabled the one for Mighty Magoo, and Chrome's I uninstalled.

That did work.