Starware316

Discussion in 'Malware Help (A Specialist Will Reply)' started by Bladesofhalo, Dec 24, 2006.

  1. Bladesofhalo

    Bladesofhalo MajorGeek

    I believe one of my family members may have installed Starware316 toolbar, and it's really annoying since it constantly opens up a new IE page with irrelevant searches, plus the constant popups. Here are my logs. Will post the others as soon as I get them.
     


  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I'll be here when you are ready.
     
  3. Bladesofhalo

    Bladesofhalo MajorGeek

    Ok, sorry it took so long to get back to you, had to go to dinner with relatives.
    Ok, Spybot did not find any immediate threats. I ran AdAware, though I know I shouldn't have, and it removed 3 keys and 2 values related to Starware. Here is my log for AVG, since my Counterspy was expired. I was not able to get Activescan to run in Safe Mode with Networking, and I accidentally saved my Bitdefender as HTML instead of txt, so I'll just upload that in a ZIP. Should I run Activescan in Normal Mode?
     


  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop.
    Close Notepad.

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Run Panda ActiveScan in Normal Mode if it won't run in Safe Mode.

    Post a fresh HijackThis log.
     
  5. Bladesofhalo

    Bladesofhalo MajorGeek

    I tried to run Activescan in Normal Mode too but it just self-closes after a while.
    Here's the Activescan report before it closed. Also here's a new HijackThis log.
     


  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop.
    Close Notepad.

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    << The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6 available from Sun Microsystems. Uninstall all older versions of Java on your computer, before installing the latest version of Java. >>

    When you try to run Panda ActiveScan make sure you completely exit Avast first.

    Download Blacklight Beta from here:
    http://www.majorgeeks.com/F-Secure_BlackLight_d5156.html

    * Download blbeta.exe and save it to the Desktop.
    * Once saved... double click blbeta.exe to install the program.
    * Click accept agreement and Click scan
    This app too may fire off a warning from antivirus. Let the driver load.
    Wait for it to finish.
    * If it displays any items...don't do anything with them yet. Just hit exit (close)
    * It will drop a log on Desktop that starts with fsbl....big number

    Please post contents of log.
     
  7. Bladesofhalo

    Bladesofhalo MajorGeek

    Ok, here is the log, and I'm running Activescan again to see if it works this time.
     


  8. Bladesofhalo

    Bladesofhalo MajorGeek

    No luck with Activescan, it scans around 120-130k files before it just closes. It still finds one hacking tool though, I'll rescan and tell you what it is.

    EDIT- here's the report just before it abruptly ends, doesn't look like spyware


    Incident Status Location
    Potentially unwanted tool:Application/KillApp.B
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    The BlackLight log is clean and the 1 thing Panda did find, before it crashed, is not anything to be concerned about. KillApp is installed alongside HP applications.

    I am a little concerned about Panda not being able to complete a scan.

    Let's use a different RootKit scanner. Follow the directions for Using Sophos Anti-Rootkit.
     
  10. Bladesofhalo

    Bladesofhalo MajorGeek

    Sorry for the delay

    Sophos did not find anything, here's the log.

    Maybe if I were to uninstall the ActiveX Panda uses for their scan and try to proceed again how would I go with that? Or do you have another option?
     


  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, uninstall the ActiveX control for Panda ActiveScan and try it again.
     
  12. Bladesofhalo

    Bladesofhalo MajorGeek

    Yes, the scan did complete, and nothing bad was found, but here's the log if you wanna look at it. Thanks for the help with removing Starware, it's very much appreciated, Shadow_Puter_Dude.

    Hope you have a Happy New Year.
     


  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Looks like the system is clean.
     
