I have been having some trouble getting rid of both "Hoowah" and "coowebsearch", along with several other resident problems.
I installed the Tauscan trial edition and have yet to be able to delete several files and processes that were tied to it, even with Advanced Uninstaller Pro.
There is also some remnant of an ad blocker running that is stopping me from running several Java applets.
I've run: AVG, Housecall, Spybot & Lavasoft adware.
I've attached logs for HijackThis, Silent Runners, and Itty Bitty Process Manager.
Any help that you can provide would be GREATLY appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 6:48:37 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
H:\avg\avgupsvc.exe
E:\Program Files\Microsoft Hardware\Mouse\point32.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\DOCUME~1\Louie\LOCALS~1\Temp\sysnet.exe
E:\WINDOWS\dejadlk.EXE
E:\Program Files\Tweak-XP\tranicon.exe
E:\WINDOWS\xjmhssz.exe
E:\WINDOWS\system32\ctfmon.exe
H:\avg\avgamsvr.exe
H:\avg\avgcc.exe
H:\avg\avgemc.exe
E:\Program Files\Hijack this\HijackThis1991.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/def ... earch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - E:\WINDOWS\system32\fofqqdjm.dll
O4 - HKLM\..\Run: [AVG7_CC] H:\avg\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] H:\avg\avgemc.exe
O4 - HKLM\..\Run: [lanbrup] E:\WINDOWS\system32\lanbrup.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [POINTER] E:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Sysnet] E:\DOCUME~1\Louie\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [Media Access] E:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [dejadlk] E:\WINDOWS\dejadlk.EXE
O4 - HKCU\..\Run: [TransparentIcons] "E:\Program Files\Tweak-XP\tranicon.exe" -ex
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\avg\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\avg\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - E:\WINDOWS\xjmhssz.exe
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TransparentIcons" = ""E:\Program Files\Tweak-XP\tranicon.exe" -ex" ["Totalidea Software"]
"ctfmon.exe" = "E:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVG7_CC" = "H:\avg\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "H:\avg\avgemc.exe" ["GRISOFT, s.r.o."]
"lanbrup" = "E:\WINDOWS\system32\lanbrup.exe" [null data]
"NeroFilterCheck" = "E:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"POINTER" = "E:\Program Files\Microsoft Hardware\Mouse\point32.exe" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SunJavaUpdateSched" = "E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Sysnet" = "E:\DOCUME~1\Louie\LOCALS~1\Temp\sysnet.exe" [null data]
"pjmjpiu" = "E:\WINDOWS\pjmjpiu.EXE" ["System Service"]
"Media Access" = "E:\Program Files\Media Access\MediaAccK.exe" [file not found]
"TraySantaCruz" = "E:\WINDOWS\system32\tbctray.exe" ["Voyetra Turtle Beach, Inc."]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "E:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "H:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{71D1708F-973D-4600-AF01-AD86688403AE}\(Default) = "LANBridge Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\system32\fofqqdjm.dll" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\system32\Audiodev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "H:\avg\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "H:\avg\avgse.dll" ["GRISOFT, s.r.o."]
"{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}" = "Tauscan Menu"
-> {CLSID}\InProcServer32\(Default) = "H:\Program Files\Agnitum\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "H:\avg\avgse.dll" ["GRISOFT, s.r.o."]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {CLSID}\InProcServer32\(Default) = "h:\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
Tauscan Menu\(Default) = "{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}"
-> {CLSID}\InProcServer32\(Default) = "H:\Program Files\Agnitum\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Tauscan Menu\(Default) = "{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}"
-> {CLSID}\InProcServer32\(Default) = "H:\Program Files\Agnitum\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "H:\avg\avgse.dll" ["GRISOFT, s.r.o."]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {CLSID}\InProcServer32\(Default) = "h:\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
Tauscan Menu\(Default) = "{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}"
-> {CLSID}\InProcServer32\(Default) = "H:\Program Files\Agnitum\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\Louie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Louie" & "All Users" startup folders:
-------------------------------------------------------
E:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"InterVideo WinCinema Manager" -> shortcut to: "E:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 34
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll" ["Sun Microsystems, Inc."]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "E:\Program Files\AIM\aim.exe" ["America Online, Inc."]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "E:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AVG7 Alert Manager Server, Avg7Alrt, "H:\avg\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "H:\avg\avgupsvc.exe" ["GRISOFT, s.r.o."]
IPv6 Helper Service, 6to4, "E:\WINDOWS\system32\svchost.exe -k netsvcs" {"E:\WINDOWS\System32\6to4svc.dll" [MS]}
Machine Debug Manager, MDM, ""E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Driver Helper Service, NVSvc, "E:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows Overlay Components, Windows Overlay Components, "E:\WINDOWS\mhsewhj.exe" [null data]
Windows User Mode Driver Framework, UMWdf, "E:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 29 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 28 seconds.
---------- (total run time: 93 seconds)
IBPM
Process list saved on 7:28:15 PM, on 8/24/2005
Platform: WinNT 5.01.2600 SP2
[pid] [full path to filename] [file version] [company name]
568 E:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
644 E:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
688 E:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
700 E:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
852 E:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
972 E:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1288 E:\WINDOWS\system32\spoolsv.exe 5.1.2600.2180 Microsoft Corporation
1532 E:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
1680 H:\avg\avgupsvc.exe 7.1.0.321 GRISOFT, s.r.o.
1728 E:\Program Files\Microsoft Hardware\Mouse\point32.exe 3.10.0.393 Microsoft Corporation
1756 E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 7.0.9064.9150 Microsoft Corporation
1788 E:\WINDOWS\System32\nvsvc32.exe 6.14.10.4523 NVIDIA Corporation
1924 E:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
2004 E:\Program Files\Tweak-XP\tranicon.exe 1.0.0.0 Totalidea Software
204 E:\WINDOWS\xjmhssz.exe
216 E:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
3224 H:\avg\avgamsvr.exe 7.1.0.321 GRISOFT, s.r.o.
3268 H:\avg\avgcc.exe 7.1.0.338 GRISOFT, s.r.o.
3276 H:\avg\avgemc.exe 7.1.0.338 GRISOFT, s.r.o.
3920 E:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
1848 h:\PowerArchiver\POWERARC.EXE 9.25.2.0 ConeXware, Inc.
228 E:\DOCUME~1\Louie\LOCALS~1\Temp\_PA924\IBProcMan.exe 1.4.0.0 Soeperman Enterprises Ltd.