Tech Support Forum - View Single Post - Drivecleaner.com pop up No virus or trojan found.

Screwed · 08-08-2007, 08:01 PM

I have been getting the drivecleaner.com pop up when I go on to Realtor.com. This started after I transfered files from my old computer. I am running Iolo Antivirus and Firewall, Windows Defender, and Ad Aware. The antivirus software has found nothing. The first time I got the pop up Ad Aware found a registry problem with Notepad. When I tried to fix it through Ad Aware the program locked up. I found the problem and deleted it manually. I was ok for 2 weeks until the other day when I went back on to Realtor.com and got the pop up again. Again Ad Aware found the problem in the registry and would not correct it. I deleted it again manually now I am thinking something else might be causing it. Any help would be greatly appreciated.

Here is my log:

Deckard's System Scanner v20070807.62
Run by XXX on 2007-08-08 at 21:15:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
13: 2007-08-09 00:03:07 UTC - RP115 - Windows Update
12: 2007-08-08 00

49 UTC - RP114 - Windows Update
11: 2007-08-03 22:58:09 UTC - RP113 - Scheduled Checkpoint
10: 2007-08-03 00:57:25 UTC - RP112 - Windows Update
9: 2007-08-01 01:38:45 UTC - RP111 - Windows Update

-- First Restore Point --
1: 2007-07-21 23:42:17 UTC - RP103 - Scheduled Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-08 21:19:00
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\taskeng.exe
C:\Users\XXX\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=2070317
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" rstrq
O4 - HKEY_LOCAL_MACHINE\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" rstrq
O4 - HKEY_LOCAL_MACHINE\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKEY_LOCAL_MACHINE\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
O23 - Service: DSBrokerService - Unknown owner - "C:\Program Files\DellSupport\brkrsvc.exe"
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: stllssvr - Unknown owner - "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - AutoCADScriptFile - shell\open\command - C:\Windows\NOTEPAD.EXE "%1"
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 XPacket (iolo Personal Firewall Driver) - c:\windows\system32\xpacket.sys <Not Verified; iolo technologies, LLC; iolo Firewall>
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R2 dsunidrv - \??\c:\program files\dellsupport\drivers\dsunidrv.sys

S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - \??\c:\windows\system32\drivers\bvrpmpr5.sys
S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2007-07-08 and 2007-08-08 -----------------------------

2007-08-08 19:49:20 0 d-------- C:\Program Files\SpywareBlaster
2007-08-06 21:54:47 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-07-30 21:59:06 0 d-------- C:\Program Files\iPod
2007-07-30 21:59:04 0 d-------- C:\Program Files\iTunes
2007-07-18 03:52:14 0 d-------- C:\Users\All Users\NVIDIA
2007-07-15 14:35:45 126976 --a------ C:\Windows\system32\iavlsp.dll
2007-07-15 14:35:31 0 d------c- C:\Windows\system32\DRVSTORE
2007-07-15 14:35:30 0 d-------- C:\Program Files\Common Files\Authentium
2007-07-15 14:35:10 155648 --a------ C:\Windows\system32\ssleay32.dll
2007-07-15 14:35:09 696320 --a------ C:\Windows\system32\libeay32.dll
2007-07-15 14:35:05 39424 --a------ C:\Windows\system32\xpacket.sys <Not Verified; iolo technologies, LLC; iolo Firewall>
2007-07-15 14:35:04 9341 --a------ C:\Windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2007-07-15 14:35:01 25264 --a------ C:\Windows\system32\smrgdf.exe
2007-07-15 14:35:01 41472 --a------ C:\Windows\system32\iolobtdfg.exe
2007-07-15 14:35:00 0 d-------- C:\Program Files\iolo
2007-07-15 14:27:25 0 d-------- C:\Users\All Users\iolo
2007-07-13 10:31:17 0 d-------- C:\Program Files\autodesk learning assistance

-- Find3M Report ---------------------------------------------------------------

2007-08-08 20:23:27 40626 --a------ C:\Users\XXX\AppData\Roaming\nvModes.001
2007-08-08 20:12:26 0 d-------- C:\Program Files\Windows Mail
2007-08-08 20

07 40626 --a------ C:\Users\XXX\AppData\Roaming\nvModes.dat
2007-07-30 21:54:42 0 d-------- C:\Program Files\QuickTime
2007-07-28 23:12:22 0 d-------- C:\Program Files\Volo View Express
2007-07-28 23:12:20 0 d-------- C:\Program Files\Common Files
2007-07-28 23:12:20 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-28 23:12:20 0 d-------- C:\Program Files\AutoCAD 2002
2007-07-28 23:12:02 0 d-------- C:\Program Files\Windows Sidebar
2007-07-24 02:38:35 0 d-------- C:\Users\XXX\AppData\Roaming\iolo
2007-07-19 19:54:50 0 d-------- C:\Program Files\Google
2007-07-16 11

43 388 --a------ C:\Users\XXX\AppData\Roaming\wklnhst.dat
2007-07-14 23:40:30 0 d--h----- C:\Users\XXX\AppData\Roaming\GTek
2007-07-06 15:43:58 0 d-------- C:\Program Files\Apple Software Update
2007-07-06 15:42:57 0 d-------- C:\Program Files\Common Files\Apple
2007-06-28 02:36:11 0 d-------- C:\Users\XXX\AppData\Roaming\Adobe
2007-06-18 00:44:45 0 d-------- C:\Users\XXX\AppData\Roaming\SpywareBot

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/13/2007 09:40 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/17/2006 07:52 PM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [11/27/2006 06:56 PM]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [11/17/2006 05:19 PM]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [11/02/2006 08:35 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 12:37 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 12:35 PM]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [06/18/2007 05:09 PM]
"iolo Personal Firewall"="C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" [06/18/2007 04:46 PM]
"iolo AntiVirus"="C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" [06/11/2007 02:55 PM]
"SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe" [06/18/2007 05:09 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 09:18 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/16/2007 12:32 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/16/2007 12:32 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/16/2007 12:32 AM]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [06/16/2007 12:32 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/19/2007 05:02 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/16/2007 8:00:16 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2007-08-08 at 21:24:15 ---------