jz1english
Adware Statblaster
I have adware on my computer called statblaster. McAfee AV catches it but is unable to delete it. I have tried to delete the .exe file, but it comes back on restart. Also, I believe this adware is causing other problems on my computer. When I try to use certain sites, my IE window just shuts down. For instance, when trying to log into Yahoo Mail, when I hit the log in button the window just closes. I can barely use the internet.
ASKER
McAfee AV shows the file u8.exe as the executable for statblaster. Why is this file not mentioned in any of the solutions? Is there a software you know of that will do these things for me?
Post here the LOG file of the HijackThis scan.... coz the files responsible for popups and spyware are not always the SAME..... once u delete them they can return with another name !!!!
We have to manually trace them and delete them sometimes.... this can be done if u can post here the LOG file :)
ASKER
Logfile of HijackThis v1.98.2
Scan saved at 8:41:41 PM, on 8/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\WINDOWS\System32\qwkjoo.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\BellSouth\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\John English\Local Settings\Temporary Internet Files\Content.IE5\KLEZ0LAB\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livereal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://hometab.bellsouth.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SDWin32 Class - {7588ED34-8BB5-4513-BC80-3F9650C986E7} - C:\WINDOWS\System32\ewfrv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [nlkqqroeja] C:\WINDOWS\System32\qwkjoo.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [ewfrvc] C:\WINDOWS\System32\ewfrvc.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
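Added example, not part of the original thread and not any poster's code: a small Python triage helper for a HijackThis log like the one posted above. It lists every O4 autostart entry (the places that relaunch a program on restart), finds which autostarts launch a given file name, and collects entries HijackThis itself marked "(no file)" or "(file missing)". The sample log, names and GUIDs in it are constructed, and all function names are hypothetical.

```python
import re

# Constructed sample in HijackThis 1.98 log format (not the asker's log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: Example Class - {11111111-1111-1111-1111-111111111111} - C:\WINDOWS\example.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /background
O4 - HKLM\..\Run: [abcdxyz] C:\WINDOWS\System32\example2.exe
O4 - HKCU\..\Run: [Updater] C:\Program Files\Example\upd.exe -quiet
O4 - Global Startup: Example.lnk = C:\Program Files\Example\app.exe
O9 - Extra button: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\System32\gone.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                    # "O4 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")   # registry Run keys
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")    # Startup folders
IMAGE = re.compile(r"(.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)", re.I)

def parse_entries(text):
    """Return (section code, body) for every 'Xn - ...' log line."""
    lines = (line.strip() for line in text.splitlines())
    return [m.groups() for m in map(ENTRY.match, lines) if m]

def image_path(command):
    """Executable part of an autostart command, quoted or unquoted."""
    m = re.match(r'"([^"]+)"', command) or IMAGE.match(command)
    return m.group(1) if m else command

def autostarts(text):
    """(location, value name, executable) for each O4 entry."""
    out = []
    for code, body in parse_entries(text):
        m = (RUN.match(body) or STARTUP.match(body)) if code == "O4" else None
        if m:
            g = m.groups()
            out.append((" ".join(g[:-2]), g[-2], image_path(g[-1])))
    return out

def find_launchers(text, filename):
    """Autostart entries whose executable has the given file name."""
    return [a for a in autostarts(text)
            if re.split(r"[\\/]", a[2])[-1].lower() == filename.lower()]

def orphaned(text):
    """Entries HijackThis flagged as pointing at a missing file."""
    return [(c, b) for c, b in parse_entries(text)
            if b.endswith(("(no file)", "(file missing)"))]

if __name__ == "__main__":
    for row in autostarts(SAMPLE_LOG):
        print(row)
```

An empty result from `find_launchers` for a file the antivirus reports means nothing in the O4 section starts that file directly, so whatever restores it has to be traced through the other entries.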
jz1english, what happened, any problem out there? :)
ASKER
I still have to test the fixes. I have been busy this week. Will complete by end of weekend. Thanks...
:)
I thought u got stuck somewhere, never mind and keep posted =)
Download HijackThis v1.98.2, run it, save the LOG file and post it here:
http://tools.radiosplace.com/HijackThis.exe