1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Removal of Adware-Statblaster

Discussion in 'Virus & Other Malware Removal' started by Jbrio, Feb 2, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. Jbrio

    Jbrio Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    9
    Does anyone have a way to remove Adware-Statblaster? I have McAfee and keep getting a delete error, when I went to McAfee's site their removal instructions only tells you how to go into command prompt and see if it's on your computer but not what to do to get rid of it. I have also used Spybot which identifies it as WildMedia (which I was able to cross reference as Adware-Statblaster). When I check the box to remove/fix it, it says it was, but it's still there when I re-run the program. :confused:
     
  2. Jbrio

    Jbrio Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    9
    I'm also having problems with delete errors for an AutoUpdate.exe?
     
  3. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    Hi jbrio and welcome to TSG

    Go to http://majorgeeks.com/download3155.html and download 'Hijack This!'.

    First make a folder on your computer in my documents called Hijackthis and then Unzip it to that folder.
    Then doubleclick the Hijackthis.exe.

    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here
    in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.

    Someone here will be happy to help you analyze the results.
     
  4. Jbrio

    Jbrio Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    9
    Logfile of HijackThis v1.99.0
    Scan saved at 9:42:41 PM, on 2/2/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINNT\SYSTEM32\DNTUS26.EXE
    C:\WINNT\SYSTEM32\DWRCS.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\drivers\KodakCCS.exe
    C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\WINNT\System32\ScsiAccess.EXE
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\SYSTEM\svchost.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\WINNT\explorer.exe
    C:\documents and settings\julana.desktop\local settings\temp\vEd.exe
    C:\documents and settings\julana.desktop\local settings\temp\MzQfp.exe
    C:\documents and settings\julana.desktop\local settings\temp\s9.exe
    C:\documents and settings\julana.desktop\local settings\temp\s9.exe
    C:\documents and settings\julana.desktop\local settings\temp\vEd.exe
    C:\documents and settings\julana.desktop\local settings\temp\MzQfp.exe
    C:\Program Files\Windows ControlAd\WinCtlAd.exe
    C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe
    C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
    C:\WINNT\system32\??rss.exe
    C:\Documents and Settings\Julana.DESKTOP\Application Data\edce.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe
    C:\Documents and Settings\Julana.DESKTOP\Local Settings\Temp\vEd.exe
    C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
    C:\Documents and Settings\Julana.DESKTOP\Desktop\HijackThis.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\WINNT\system32\wowloc.exe
    C:\Program Files\CxtPls\CxtPls.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\COMMON~1\tsa\ts2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Julana.DESKTOP\Desktop\computer cleanup\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_16_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IAdvertisementBHO Class - {80672997-D58C-4190-9843-C6C61AF8FE97} - (no file)
    O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Julana.DESKTOP\Local Settings\Temp\WceEu.dll
    O2 - BHO: (no name) - {F50BC017-0EA3-0876-8696-76A2DEF26791} - C:\WINNT\system32\omeghqsk.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_16_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {23DDAE8C-6A79-4d62-80AA-E95D89CB9811} - (no file)
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [winphonics7536] c:\winnt\system32\vbsystem35.exe c:\winnt\system32\setups.exe c:\winnt\system32\vb.vb
    O4 - HKLM\..\Run: [MzQfp.exe] C:\documents and settings\julana.desktop\local settings\temp\MzQfp.exe
    O4 - HKLM\..\Run: [s9.exe] C:\documents and settings\julana.desktop\local settings\temp\s9.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [s9] C:\documents and settings\julana.desktop\local settings\temp\s9.exe
    O4 - HKLM\..\Run: [MzQfp] C:\documents and settings\julana.desktop\local settings\temp\MzQfp.exe
    O4 - HKLM\..\Run: [MkXo7a.exe] C:\documents and settings\julana.desktop\local settings\temp\MkXo7a.exe
    O4 - HKLM\..\Run: [sM.exe] C:\documents and settings\julana.desktop\local settings\temp\sM.exe
    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
    O4 - HKLM\..\Run: [rwx] C:\WINNT\rwx.exe
    O4 - HKLM\..\Run: [Be.exe] C:\documents and settings\julana.desktop\local settings\temp\Be.exe
    O4 - HKLM\..\Run: [qdjSnAexr.exe] C:\documents and settings\julana.desktop\local settings\temp\qdjSnAexr.exe
    O4 - HKLM\..\Run: [os2g38l] wowloc.exe
    O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
    O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Bjgvl] C:\WINNT\system32\??rss.exe
    O4 - HKCU\..\Run: [Rsoo] C:\Documents and Settings\Julana.DESKTOP\Application Data\edce.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    O16 - DPF: {058025FC-4416-436B-ACFD-03E6224C901C} (FileInfo Class) - http://diagnostics.support.hp.com/motivedocs/ces/aw/ipgaxctrl.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...6e12f85fd528:199ee2fabb487c2f7632a3c55842ae1b
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
    O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - http://www.picturebuzz.com/common/programs/swicdad.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
    O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multicastmedia.com/common/mbrowser/MINIBrowser.CAB
    O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4293/mcfscan.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
    O23 - Service: AVSync Manager - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: DameWare NT Utilities 2.6 - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
    O23 - Service: DameWare Mini Remote Control - DameWare Development - C:\WINNT\SYSTEM32\DWRCS.EXE
    O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: Microsoft NetWork FireWall Services - Unknown - NetServices.exe (file missing)
    O23 - Service: PipeCmd Service - Unknown - C:\WINNT\system32\PipeCmdSrv.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
    O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
    O23 - Service: ScsiAccess - Unknown - C:\WINNT\System32\ScsiAccess.EXE
    O23 - Service: MS Software Generic Host Process for Win32 Services - Unknown - C:\WINNT\SYSTEM\svchost.exe
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/326057

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice