sean

starware toolbar

Hi. This is the first time I have tried this, so here goes:

Every time I run an Ad-Aware scan it finds Starware Toolbar and quarantines it, but it keeps coming back.

Any ideas how to get rid of it?

Many thanks in advance,

sean.


In my experience, the Starware toolbar can usually be removed easily through Add/Remove Programs in the Control Panel. If you do not know how to do this, follow these instructions:

 

Click on Start

 

Click on Control Panel

 

Click (or double click) on Add or Remove Programs

 

Click on Starware Toolbar

 

Click on Change/Remove

 

Follow the on-screen instructions to remove Starware Toolbar from your computer.


Thanks for getting back to me.

I have already removed it using Add/Remove, but I still keep finding it when I run a scan using Ad-Aware.

BitDefender Pro / Windows Defender does not find anything?


Hello... please post an Ad-Aware scan log, so we can ascertain if this really is a leftover of Starware Toolbar or a possible false positive....

 

Thanks


Hello Steve.

When I get to around 130079 on an Ad-Aware full system scan it stops?

I have a HijackThis log if that's any use to you.

Many thanks for your time,

sean.

 

Logfile of HijackThis v1.99.1

Scan saved at 19:02:03, on 02/05/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5346.0005)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\progra~1\softwin\bitdef~1\bdswitch.exe

C:\progra~1\softwin\bitdef~1\bdmcon.exe

C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

C:\progra~1\softwin\bitdef~1\bdnagent.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Softwin\BitDefender9\vsserv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Documents and Settings\shaun\My Documents\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...9uXEc5kAim7Iwpm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...NF8MLWtu2Otm0k=

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.co.uk/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [bDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"

O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140637685375

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


I cannot see any evidence of Starware Toolbar in that HijackThis log....

 

If you stop the scan when it hangs, does Ad-Aware recover and give you a summary of the scan?

Guest winchester73

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...9uXEc5kAim7Iwpm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...NF8MLWtu2Otm0k=

 

:o

 

Let's see if the solution is simple ...

 

Close all open windows, and run HJT again. Put a checkmark next to the following items and press "Fix Checked":

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...9uXEc5kAim7Iwpm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...NF8MLWtu2Otm0k=

 

R3 - URLSearchHook: (no name) - - (no file)

 

 

See if Ad-Aware continues to detect Starware.

Guest winchester73

You could also verify that the add-on is gone using Microsoft's Add-on Manager. I haven't played with IE7 yet, but I presume the instructions would be the same as for IE6.

 

Open Internet Explorer > Tools, click 'Manage Add-ons'.

 

If Starware was removed properly using Add/Remove Programs, it shouldn't appear in the list.


Thanks Winchester... I think my eyes have gone square... I guess CTRL + F would have been a good idea...

Guest winchester73

:o

 

I know the feeling mate.

 

 

BTW, same issue here: http://www.lavasoftsupport.com/index.php?showtopic=335&hl=

 

Maybe you could consolidate the two threads?

 

 

 

@sean ...

 

All of those logs you posted are identical. After you have done the above, reboot your computer, and post a fresh HJT log. Also, let us know the status of your problem.


Sorry about all the HijackThis logs.

I ran HijackThis and checked R0, R1, R3 and pressed Fix Checked. I ran HijackThis again and R0 is still on the log.

Ad-Aware will complete a quick scan but not a full system scan; it hangs at around 130079.

On the quick scan it still finds Starware.

Many thanks, sean.

Guest winchester73

Reboot, and post a fresh HJT log please.


Done a new HJT. Also I checked to see if any add-on was left after I removed Starware using Add/Remove, and there's none.

 

many thanks for your time,

sean.

 

Logfile of HijackThis v1.99.1

Scan saved at 05:39:20, on 05/05/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5346.0005)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\Explorer.EXE

C:\progra~1\softwin\bitdef~1\bdswitch.exe

C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

C:\progra~1\softwin\bitdef~1\bdnagent.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender9\vsserv.exe

c:\progra~1\softwin\bitdef~1\bdmcon.exe

c:\progra~1\softwin\bitdef~1\bdlite.exe

C:\Program Files\PCRescue3.0\PCRescue.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\shaun\My Documents\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...9uXEc5kAim7Iwpm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.co.uk/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [bDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"

O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140637685375

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

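The comparison being made by eye across the two HijackThis logs posted so far can be scripted. The following is an added example, not part of the original thread: it parses HJT result lines, picks out entries containing a keyword, and reports whether each one persisted, was reset, or was removed in the later log. The function names are made up for illustration, and the sample logs are short excerpts of the lines posted above, with URLs truncated exactly as they appear in the posts.

```python
import re

# HijackThis result lines have the form "<code> - <text>", e.g. "R0 - ..." or "O4 - ...".
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Excerpt of the log saved 02/05/2006 (before "Fix Checked").
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 19:02:03, on 02/05/2006
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...9uXEc5kAim7Iwpm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...NF8MLWtu2Otm0k=
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
"""

# Excerpt of the log saved 05/05/2006 (after the fix and a reboot).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 05:39:20, on 05/05/2006
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...9uXEc5kAim7Iwpm
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
"""


def parse_entries(log_text):
    """Return a list of (code, body) tuples for every HJT result line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def location(body):
    """Left-hand side of 'location = value'; identifies the same setting in both logs."""
    return body.split(" = ", 1)[0].strip()


def triage(before_text, after_text, keyword):
    """Classify every keyword hit in the earlier log by its state in the later log.

    persisted: same location still present and still contains the keyword
    reset:     same location present, value no longer contains the keyword
    removed:   location no longer listed at all
    """
    needle = keyword.lower()
    after = {(code, location(body).lower()): body
             for code, body in parse_entries(after_text)}
    report = {"persisted": [], "reset": [], "removed": []}
    for code, body in parse_entries(before_text):
        if needle not in body.lower():
            continue
        later = after.get((code, location(body).lower()))
        if later is None:
            status = "removed"
        elif needle in later.lower():
            status = "persisted"
        else:
            status = "reset"
        report[status].append((code, location(body)))
    return report


if __name__ == "__main__":
    for status, items in triage(BEFORE, AFTER, "starware").items():
        for code, where in items:
            print(f"{status:9} {code}  {where}")
```

A keyword search only catches entries that name the product; the R3 URLSearchHook line that was also ticked for fixing contains no such string and has to be reviewed separately.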
Guest winchester73

Did you also check the 'Manage Add-Ons'?

 

Try fixing this item again with HJT:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...9uXEc5kAim7Iwpm

 

If no joy, try booting into safe mode first: http://service1.symantec.com/SUPPORT/tsgen...06?OpenDocument

 

Run HJT, fix the item, then reboot normally.

 

If that doesn't work, we'll have to try something else.

 

 

As for the scan 'hang', perhaps somebody from LS can help here?


Yes, I checked Manage Add-ons and couldn't find anything to do with Starware.

Also I ran a couple of HJT scans and fixed R0, and it still came back?

This safe mode is all new to me and looks a bit complicated; I will have a good read and try it. I'm a novice at this kind of thing, so please stick with me and give me time. (I can only get on our PC when my two teenage boys give me a chance to have a go.)

As for the full system scan stopping, I have been reading all the postings about this problem and tried a couple of suggestions. So far I am having the same problem; I'll take your advice and try someone from LS.

Many thanks again, sean.


Steve.

Sorry about all the HJT logs, complete novice at this.

After reading the postings on full system scans hanging, I went into the tweak settings and unchecked: unload recognized processes and modules during scan.

I have just run two full system scans and had no trouble.

It still finds this D*mn Starware rubbish.

I am getting advice on this problem from winchester.

Thanks, sean.

Guest winchester73

No worries mate ... :unsure:

 

Safe mode is a diagnostic way to start Windows ... it loads minimal configuration and generic drivers.

 

This will explain: http://computer.howstuffworks.com/question575.htm

 

 

Now that you have the Ad-Aware scan working properly, can you post the section that shows the Starware item(s)? It will show the filepath and will direct us to the file(s).


Good morning to you winchester.

 

Here's the log file you requested,

 

talk soon, thanks sean.

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:06 May 2006 07:15:30

Using definitions file:SE1R106 02.05.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):13 total references

Starware Toolbar(TAC index:5):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Ignore spanned files when scanning cab archives

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Block pop-ups aggressively

Set : Automatically select problematic objects in results lists

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Show splash screen

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

 

 

06-05-2006 07:15:30 - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\shaun\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-835872158-343986570-404022056-1005\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-835872158-343986570-404022056-1005\software\microsoft\mediaplayer\medialibraryui

Description : last selected node in the microsoft windows media player media library

 

 

MRU List Object Recognized!

Location: : S-1-5-21-835872158-343986570-404022056-1005\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-835872158-343986570-404022056-1005\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-835872158-343986570-404022056-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-835872158-343986570-404022056-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-835872158-343986570-404022056-1005\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-835872158-343986570-404022056-1005\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-835872158-343986570-404022056-1005\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 448

ThreadCreationTime : 06-05-2006 06:08:04

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 496

ThreadCreationTime : 06-05-2006 06:08:06

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 520

ThreadCreationTime : 06-05-2006 06:08:06

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 564

ThreadCreationTime : 06-05-2006 06:08:07

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 576

ThreadCreationTime : 06-05-2006 06:08:07

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 724

ThreadCreationTime : 06-05-2006 06:08:07

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 784

ThreadCreationTime : 06-05-2006 06:08:08

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [msmpeng.exe]

FilePath : C:\Program Files\Windows Defender\

ProcessID : 848

ThreadCreationTime : 06-05-2006 06:08:08

BasePriority : Normal

FileVersion : 1.1.1051.0

ProductVersion : 1.1.1051.0

ProductName : Windows Defender

CompanyName : Microsoft Corporation

FileDescription : Service Executable

InternalName : MsMpEng.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : MsMpEng.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 892

ThreadCreationTime : 06-05-2006 06:08:08

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 952

ThreadCreationTime : 06-05-2006 06:08:08

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1092

ThreadCreationTime : 06-05-2006 06:08:10

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1240

ThreadCreationTime : 06-05-2006 06:08:12

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:13 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1488

ThreadCreationTime : 06-05-2006 06:08:19

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:14 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1708

ThreadCreationTime : 06-05-2006 06:08:20

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:15 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1812

ThreadCreationTime : 06-05-2006 06:08:23

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:16 [xcommsvr.exe]

FilePath : C:\Program Files\Common Files\Softwin\BitDefender Communicator\

ProcessID : 1860

ThreadCreationTime : 06-05-2006 06:08:23

BasePriority : Normal

FileVersion : 1, 8, 11, 0

ProductVersion : 1, 8, 11, 0

ProductName : Softwin BitDefender Communicator Server

CompanyName : Softwin

FileDescription : BitDefender Communicator Server

InternalName : XCOMMSVR

LegalCopyright : Copyright © 2003-2004 Softwin

OriginalFilename : xcommsvr.exe

Comments : Manages communication between BitDefender components

 

#:17 [bdss.exe]

FilePath : C:\Program Files\Common Files\Softwin\BitDefender Scan Server\

ProcessID : 1896

ThreadCreationTime : 06-05-2006 06:08:23

BasePriority : Normal

 

 

#:18 [livesrv.exe]

FilePath : C:\Program Files\Common Files\Softwin\BitDefender Update Service\

ProcessID : 1916

ThreadCreationTime : 06-05-2006 06:08:24

BasePriority : Normal

FileVersion : 9, 0, 0, 0

ProductVersion : 9, 0, 0, 0

ProductName : BitDefender 9

CompanyName : SOFTWIN S.R.L.

FileDescription : BitDefender Security Service

InternalName : LiveSrv

LegalCopyright : © 2005 SOFTWIN S.R.L.

OriginalFilename : livesrv.exe

 

#:19 [bdswitch.exe]

FilePath : C:\progra~1\softwin\bitdef~1\

ProcessID : 1972

ThreadCreationTime : 06-05-2006 06:08:25

BasePriority : Normal

 

 

#:20 [bdmcon.exe]

FilePath : C:\progra~1\softwin\bitdef~1\

ProcessID : 1984

ThreadCreationTime : 06-05-2006 06:08:25

BasePriority : Normal

FileVersion : 9, 0, 0, 7

ProductVersion : 9, 0, 0, 7

ProductName : BitDefender 9

CompanyName : SOFTWIN S.R.L.

FileDescription : BitDefender Management Console

InternalName : Management Console

LegalCopyright : © 2005 SOFTWIN S.R.L.

OriginalFilename : bdmcon.exe

 

#:21 [bdoesrv.exe]

FilePath : C:\Program Files\Softwin\BitDefender9\

ProcessID : 1992

ThreadCreationTime : 06-05-2006 06:08:26

BasePriority : Normal

FileVersion : 8, 1, 0, 0

ProductVersion : 8, 1, 0, 0

ProductName : Bitdefender 8

CompanyName : SOFTWIN SRL

FileDescription : bdoesrv application

InternalName : bdoesrv

LegalCopyright : © 2005 SOFTWIN S.R.L.

OriginalFilename : bdoesrv.exe

 

#:22 [bdnagent.exe]

FilePath : C:\progra~1\softwin\bitdef~1\

ProcessID : 2004

ThreadCreationTime : 06-05-2006 06:08:27

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 0, 0, 0, 0

ProductName : BitDefender News Agent

CompanyName : SOFTWIN S.R.L

FileDescription : BitDefender News Agent

InternalName : News Agent

LegalCopyright : © 2005 SOFTWIN S.R.L.

OriginalFilename : BDNewsAgent.exe

 

#:23 [msascui.exe]

FilePath : C:\Program Files\Windows Defender\

ProcessID : 2016

ThreadCreationTime : 06-05-2006 06:08:28

BasePriority : Normal

FileVersion : 1.1.1051.0

ProductVersion : 1.1.1051.0

ProductName : Windows Defender

CompanyName : Microsoft Corporation

FileDescription : User Interface

InternalName : MSASCUI

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : MSASCUI.exe

 

#:24 [nmbgmonitor.exe]

FilePath : C:\Program Files\Common Files\Ahead\lib\

ProcessID : 2024

ThreadCreationTime : 06-05-2006 06:08:28

BasePriority : Normal

 

 

#:25 [ad-watch.exe]

FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\

ProcessID : 2036

ThreadCreationTime : 06-05-2006 06:08:29

BasePriority : High

FileVersion : 3.1.2.17

ProductVersion : 3.2

ProductName : Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Watch System Protector

InternalName : Ad-Watch.exe

LegalCopyright : 1999-2004 Team Lavasoft

OriginalFilename : Ad-Watch.exe

 

#:26 [vsserv.exe]

FilePath : C:\Program Files\Softwin\BitDefender9\

ProcessID : 260

ThreadCreationTime : 06-05-2006 06:08:32

BasePriority : Normal

FileVersion : 9, 0, 0, 11

ProductVersion : 9, 0, 0, 11

ProductName : BitDefender 9

CompanyName : SOFTWIN S.R.L.

FileDescription : BitDefender Security Service

InternalName : VSServ

LegalCopyright : © 2005 SOFTWIN S.R.L.

OriginalFilename : vsserv.exe

 

#:27 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1460

ThreadCreationTime : 06-05-2006 06:08:42

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:28 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2428

ThreadCreationTime : 06-05-2006 06:09:19

BasePriority : Normal

FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

ProductVersion : 5.8.0.2469

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:29 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 2476

ThreadCreationTime : 06-05-2006 06:09:23

BasePriority : Normal

FileVersion : 7.00.5346.5 (winmain(wmbla).060413-2150)

ProductVersion : 7.00.5346.5

ProductName : Microsoft® Internet Explorer

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:30 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\

ProcessID : 2868

ThreadCreationTime : 06-05-2006 06:15:05

BasePriority : Normal

FileVersion : 6.2.0.238

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 13

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 13

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 13

 

Starware Toolbar Object Recognized!

Type : RegValue

Data :

TAC Rating : 5

Category : Adware

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-835872158-343986570-404022056-1005\software\microsoft\internet explorer\toolbar\Webbrowser

Value : {2d51d869-c36b-42bd-ae68-0a81bc771fa5}

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 14

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

<SKIP> c:\system volume information\

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 14

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 14

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 14

 

07:30:41 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:15:11.531

Objects scanned:139260

Objects identified:1

Objects ignored:0

New critical objects:1

Guest winchester73

winchester73 gallops off to find SpyDie to create a regfile merge ... :)

 

Just like the old days ... ;)


Hey sean,

 

You seem to have a stubborn registry item there....

 

Can you download this and run it for me please? We'll see if this gets rid of it, if not we will try a different method.

 

Attached to my post is a file called remove.reg, download it and launch it. (When you double-click on it to run it, you'll be prompted with a message similar to 'Do you wish to add the information into the registry?', make sure you click Yes)

 

No restart is needed, just simply re-scan with Ad-aware afterwards to see if it is still there.

 

Just like the old days ...

 

Some things never change ;)

 

Note: It seems this forum doesn't allow .reg files to be uploaded so, sean when you download it, rename it to remove.reg. Sorry about that.

remove.txt

Guest winchester73

Forum doesn't allow .reg files ... ;)

 

Thanks mate ... :)

 

 


 

BTW, that avatar looks familiar ... :)

Hey sean,

 

You seem to have a stubborn registry item there....

 

Can you download this and run it for me please? We'll see if this gets rid of it, if not we will try a different method.

 

Attached to my post is a file called remove.reg, download it and launch it. (When you double-click on it to run it, you'll be prompted with a message similar to 'Do you wish to add the information into the registry?', make sure you click Yes)

 

No restart is needed, just simply re-scan with Ad-aware afterwards to see if it is still there.

Some things never change :D

 

Note: It seems this forum doesn't allow .reg files to be uploaded so, sean when you download it, rename it to remove.reg. Sorry about that.

 

Hello Spydie.

 

I have done what you advised me to do, and ran a full scan. GREAT NEWS, it was not found.

How does that work?

 

But when I ran HJT it was still showing?

 

Spydie I thank you for your time/help on this problem.

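What a registry-merge removal like the remove.reg step does, as an added example (not code from this thread; the attachment's contents are not shown here): it parses the Ad-Aware detection block posted above and emits .reg text whose `"name"=-` line deletes that one value. The function names and the collapsed sample log are constructed for illustration.

```python
import re

# Constructed sample: the detection block from the scan log above, blank lines collapsed.
SAMPLE_LOG = r"""Deep registry scan result:
New critical objects: 0
Objects found so far: 13

Starware Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-835872158-343986570-404022056-1005\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {2d51d869-c36b-42bd-ae68-0a81bc771fa5}

Started Tracking Cookie scan
"""

FIELDS = {"Type", "Data", "TAC Rating", "Category", "Comment", "Rootkey", "Object", "Value"}
ROOTS = {"HKEY_USERS", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE", "HKEY_CLASSES_ROOT"}
FIELD_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s*(.*)$")
HEADER_RE = re.compile(r"^(.+?) Object Recognized!$")


def parse_detections(log_text):
    """Return one dict per 'Object Recognized!' block, keyed by field name."""
    detections, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum copy has a blank line between every field
        header = HEADER_RE.match(line)
        if header:
            current = {"Name": header.group(1)}
            detections.append(current)
            continue
        field = FIELD_RE.match(line)
        if current is not None and field and field.group(1) in FIELDS:
            current[field.group(1)] = field.group(2)
        else:
            current = None  # any other line ends the block
    return detections


def reg_delete_script(detections):
    """Build .reg text that deletes each RegValue detection (other types are skipped)."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for d in detections:
        if d.get("Type") != "RegValue" or d.get("Rootkey") not in ROOTS:
            continue
        key = d.get("Object", "")
        name = d.get("Value", "")
        if not key or not name or any(c in key + name for c in "[]\r\n"):
            continue  # refuse anything that could break out of the key line
        name = name.replace("\\", "\\\\").replace('"', '\\"')
        out += [f"[{d['Rootkey']}\\{key}]", f'"{name}"=-', ""]
    return "\r\n".join(out)


if __name__ == "__main__":
    print(reg_delete_script(parse_detections(SAMPLE_LOG)))
```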

sean,

 

Sorry I didn't see it was in the HijackThis log too. Try this for me please;

 

First, if Ad-watch is in Automatic mode, then please turn it off.

 

Attached to my post is, like before, a file called homepage.txt

 

Download it and rename it to .reg, launch it, answer Yes to the prompt and simply re-scan with HijackThis to see if it is still there.

 

When you click 'Yes' at the confirmation prompt, Ad-watch and/or Windows Defender may kick in and tell you about the change (since, from what I can remember both monitor that registry key for any changes). If they do, then allow the change.

 

When you re-scan with HijackThis, post the fresh logfile here. If it is still there, we can try a more aggressive method.

 

Let me know how it turns out :D

homepage.txt

sean,

 

Sorry I didn't see it was in the HijackThis log too. Try this for me please;

 

First, if Ad-watch is in Automatic mode, then please turn it off.

 

Attached to my post is, like before, a file called homepage.txt

 

Download it and rename it to .reg, launch it, answer Yes to the prompt and simply re-scan with HijackThis to see if it is still there.

 

When you click 'Yes' at the confirmation prompt, Ad-watch and/or Windows Defender may kick in and tell you about the change (since, from what I can remember both monitor that registry key for any changes). If they do, then allow the change.

 

When you re-scan with HijackThis, post the fresh logfile here. If it is still there, we can try a more aggressive method.

 

Let me know how it turns out :D

 

good morning spydie.

 

Sorry I've taken my time to get back to you, went out last night and I'm a little bit beer bad this morning.

 

I've done what you asked and as far as I can see it's not showing now, FANTASTIC.

 

THANKS for your help in sorting this out and to winchester, it's great to be able to get real help on spyware devils.

 

Logfile of HijackThis v1.99.1

Scan saved at 10:07:33, on 07/05/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5346.0005)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\Explorer.EXE

C:\progra~1\softwin\bitdef~1\bdswitch.exe

C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

C:\progra~1\softwin\bitdef~1\bdnagent.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender9\vsserv.exe

c:\progra~1\softwin\bitdef~1\bdmcon.exe

c:\progra~1\softwin\bitdef~1\bdlite.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\shaun\My Documents\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.co.uk/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [bDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"

O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140637685375

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

This topic is now closed to further replies.