I ran Panda software's online virus scan and it comes up with spyware labeled Adware.Statblaster and it is located in Windows Reg. I looked online and found out what types of reg are associated with this but I can not seem to find them in my regedit. Does anyone know how to get rid of this? It seems to be a nasty malware program.

When the associated keys don't actually show what is expected, when dealing with spyware, the first thing I think of is false positive...especially if only ONE malware scanner is saying that a particular item is spyware.

I'd say try a couple of different scans to see if they can corroborate the evidence...

Well I have McAfee and have run both Ad-aware and SD and niether one of them came up with anything. I also ran hijack this and there are two items that I was wondering if I should remove or have anything to do with them. I believe there is nothing weird in the running processes.

Logfile of HijackThis v1.99.1
Scan saved at 7:56:56 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matthew McGeady\Local Settings\Temp\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

If you want help with the HJT log, please post the whole thing...

sorry about that, here is the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 5:49:15 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\program files\mcafee\msc\mcupdui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Matthew McGeady\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Matthew McGeady\Application Data\Mozilla\Profiles\default\js2le81y.slt\prefs.j s)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [0102241163025668mcinstcleanup] C:\WINDOWS\TEMP\010224~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?linkid=39204[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[/url]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155491271406[/url]
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - [url]http://www.installengine.com/engine/isetup.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://acs.pandasoftware.com/activescan/as5free/asinst.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab[/url]
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [url]http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4397/mcfscan.cab[/url]
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

I don't see any problems in the log except for how heavily McAfee is using your resources... You can fix those 2 items you noted if you want, but they are not the problem... The O3 is SiteAdvisor from McAfee...

If you want to dig deeper, do these:

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...

And...

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

HEre is my combofix log.

Matthew McGeady - 06-11-09 18:13:48.21 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Matthew McGeady\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-09 to 2006-11-09 ))))))))))))))))))))))))))))))))))


2006-10-24 16:59 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2006-10-24 16:57 84,744 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2006-10-24 16:57 37,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2006-10-24 16:57 33,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2006-10-24 16:57 31,752 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2006-10-24 16:57 162,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2006-10-24 16:57 104,536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2006-10-20 20:43 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))


2006-11-09 17:56 -------- d-------- C:\Program Files\McAfee
2006-11-08 21:19 -------- d-------- C:\Program Files\WinZip
2006-11-08 21:18 -------- d-------- C:\Program Files\Windows Defender
2006-11-08 21:18 -------- d-------- C:\Program Files\Winamp
2006-11-08 21:18 -------- d-------- C:\Program Files\SpywareGuard
2006-11-08 21:09 -------- d-------- C:\Program Files\Internet Explorer
2006-11-08 21:06 -------- d-------- C:\Program Files\America Online 9.0
2006-11-08 21:06 -------- d-------- C:\Program Files\AIM
2006-10-26 18:52 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-24 17:05 -------- d-------- C:\Program Files\McAfee.com
2006-10-24 16:58 -------- d-------- C:\Program Files\Common Files\McAfee
2006-10-24 16:53 -------- d-------- C:\Program Files\Common Files
2006-10-23 19:53 -------- d-------- C:\Program Files\IrfanView
2006-10-20 19:36 -------- d-------- C:\Program Files\QuickTime
2006-10-20 19:33 -------- d-------- C:\Program Files\Messenger
2006-10-20 19:28 -------- d-------- C:\Program Files\Common Files\System
2006-09-13 17:49 -------- d-------- C:\Program Files\AOD
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00, 00,3c,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00 ,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff, ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00, 00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"SpecifyDefaultButtons"=dword:00000000
"Btn_Search"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\polic ies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\MCODS

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-09 18:18:52.71
C:\ComboFix.txt ... 06-11-09 18:18

I am in the process of running the cureit program and currently had McAfee's MPS.exe and Mcupdmgr.exe as trojans. I dont think I should be deleting these items, correct? I have also noticed that when I exit our of IE there is a pause and the header says about:blank, why is that happening? Should I be upgraded to IE7. Thanks for the help with this, I appreciate it greatly.

HEre is my Dr. WEb Log

mps.exe;c:\program files\mcafee\mps;Probably BACKDOOR.Trojan;;
mcupdmgr.exe;c:\program files\mcafee\msc;Probably DLOADER.Trojan;;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;;
mcinst.exe;C:\Program Files\Common Files\McAfee\Installer;Probably BACKDOOR.Trojan;;
mps.exe;C:\Program Files\McAfee\MPS;Probably BACKDOOR.Trojan;;
mcupdmgr.exe;C:\Program Files\McAfee\MSC;Probably DLOADER.Trojan;;
A0074863.exe;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926;Probably BACKDOOR.Trojan;;
A0074879.exe;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927;Probably BACKDOOR.Trojan;;
A0074974.exe;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP933;Probably BACKDOOR.Trojan;;
A0075026.exe;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP934;Probably BACKDOOR.Trojan;;
A0075055.exe;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP934;Probably BACKDOOR.Trojan;;
A0075069.exe;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP936;Probably BACKDOOR.Trojan;;
A0075303.exe;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP938;Probably BACKDOOR.Trojan;;
A0075330.exe;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP939;Probably BACKDOOR.Trojan;;

I am in the process of running the cureit program and currently had McAfee's MPS.exe and Mcupdmgr.exe as trojans. I dont think I should be deleting these items, correct? I have also noticed that when I exit our of IE there is a pause and the header says about:blank, why is that happening? Should I be upgraded to IE7. Thanks for the help with this, I appreciate it greatly.

The McAfee items do seem to be false positives and I would not fix them...

You can find and delete this:

C:\Program Files\AIM\Sysfiles\WxBug.EXE

and it wouldn't hurt to clear System Restore and set a new Restore Point... Otherwise, this looks okay... IE7 has some problems, but you can update to it if you would like... The About:Blank that you are seeing is probably just the default since you are not showing evidence of the infection associated with it...

McAfee's latest update has caused a number of problems on people's systems, so that may be the source of your original concern...

Thank you very much for taking the time to help me out, I appreciate it.

I want to make sure I didn't miss a particularly nasty infection... Please do this:

The tool searches all drives on the local computer for files by size; 21504 bytes and 25600 bytes (25600 is a new infector)
Lists said files and their directory path.

Searches all drives for folders named 'bak' and lists their directory path. Note: a directory named such as, 'baker' will turn up in the results as well.

http://noahdfear.geekstogo.com/FindAWF.exe

Save to desktop and run. Output is to awf.txt

Please post that log here...

Sorry for the delay, was not around the last few days. Here is the log

Find AWF report by noahdfear ©2006


21504 byte files found
~~~~~~~~~~~~~

21504 "C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{F1DFF7D6-FA04-4FC5-B460-C93BCDD807A5}.log"


21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~



25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

It is possible that this is just a coincidence, but it should be safe to delete this anyway, so I suggest you do so:

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{F1DFF7D6-FA04-4FC5-B460-C93BCDD807A5}.log

You will need to set WinXP to show hidden and system files to find it:

In Windows XP, on the taskbar, click Start > My Computer.
In Windows Me/2000/XP, on the Tools menu, click Folder Options.
On the View tab, uncheck Hide file extensions for known file types.
In Windows Me/2000/XP, uncheck Hide protected operating system files. Then, under the "Hidden files" folder, click Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply.
Click OK.

It would probably be a good idea to rehide those files after you finish so that you don't accidentally delete something important...

Let me know how it is going...

I am trying to delete this file but it is telling me that it is in use. Could this file be causing the false negative in Panda Software and do I have to shut something in McAfee down to get this deleted?

It could be the source of the Panda reaction and it should not be in use since it is just a log file... Try booting to Safe Mode (press F8 just before Windows starts to load) and see if you can delete it there... McAfee should not be running in Safe Mode, so make sure you don't select the option with Network Support...

I was able to delete that file, I still ran Panda software and it still gets the statblaster in the registry that is it. I am pretty confident that my PC is clean of spyware and virus. Do you think that the new McAfee may be triggering a false positive with Panda. Because this never happened with the older version of McAfee when scanning Panda. Because I have looked for every file under statblaster that I know of and nothing is there. Again, I do appreciate your help with this situation.

The latest version of McAfee has caused problems all over the place, so it would not be surprising if it was the source of the problem... There is an infection that fakes McAfee files, so that is why I wanted you to run that last tool... I think you probably are okay...