08-08-2007, 07:01 PM   #1
Registered User
 
Join Date: Aug 2007
Posts: 26
OS: Windows Vista


Drivecleaner.com pop up No virus or trojan found.

I have been getting the drivecleaner.com pop up when I go on to Realtor.com. This started after I transferred files from my old computer. I am running Iolo Antivirus and Firewall, Windows Defender, and Ad Aware. The antivirus software has found nothing. The first time I got the pop up, Ad Aware found a registry problem with Notepad. When I tried to fix it through Ad Aware, the program locked up. I found the problem and deleted it manually. I was ok for 2 weeks until the other day, when I went back on to Realtor.com and got the pop up again. Again Ad Aware found the problem in the registry and would not correct it. I deleted it again manually; now I am thinking something else might be causing it. Any help would be greatly appreciated.

Here is my log:

Deckard's System Scanner v20070807.62
Run by XXX on 2007-08-08 at 21:15:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
13: 2007-08-09 00:03:07 UTC - RP115 - Windows Update
12: 2007-08-08 0049 UTC - RP114 - Windows Update
11: 2007-08-03 22:58:09 UTC - RP113 - Scheduled Checkpoint
10: 2007-08-03 00:57:25 UTC - RP112 - Windows Update
9: 2007-08-01 01:38:45 UTC - RP111 - Windows Update


-- First Restore Point --
1: 2007-07-21 23:42:17 UTC - RP103 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-08 21:19:00
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\taskeng.exe
C:\Users\XXX\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=2070317
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" rstrq
O4 - HKEY_LOCAL_MACHINE\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" rstrq
O4 - HKEY_LOCAL_MACHINE\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKEY_LOCAL_MACHINE\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
O23 - Service: DSBrokerService - Unknown owner - "C:\Program Files\DellSupport\brkrsvc.exe"
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: stllssvr - Unknown owner - "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe


-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - AutoCADScriptFile - shell\open\command - C:\Windows\NOTEPAD.EXE "%1"
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 XPacket (iolo Personal Firewall Driver) - c:\windows\system32\xpacket.sys <Not Verified; iolo technologies, LLC; iolo Firewall>
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R2 dsunidrv - \??\c:\program files\dellsupport\drivers\dsunidrv.sys

S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - \??\c:\windows\system32\drivers\bvrpmpr5.sys
S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-07-08 and 2007-08-08 -----------------------------

2007-08-08 19:49:20 0 d-------- C:\Program Files\SpywareBlaster
2007-08-06 21:54:47 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-07-30 21:59:06 0 d-------- C:\Program Files\iPod
2007-07-30 21:59:04 0 d-------- C:\Program Files\iTunes
2007-07-18 03:52:14 0 d-------- C:\Users\All Users\NVIDIA
2007-07-15 14:35:45 126976 --a------ C:\Windows\system32\iavlsp.dll
2007-07-15 14:35:31 0 d------c- C:\Windows\system32\DRVSTORE
2007-07-15 14:35:30 0 d-------- C:\Program Files\Common Files\Authentium
2007-07-15 14:35:10 155648 --a------ C:\Windows\system32\ssleay32.dll
2007-07-15 14:35:09 696320 --a------ C:\Windows\system32\libeay32.dll
2007-07-15 14:35:05 39424 --a------ C:\Windows\system32\xpacket.sys <Not Verified; iolo technologies, LLC; iolo Firewall>
2007-07-15 14:35:04 9341 --a------ C:\Windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2007-07-15 14:35:01 25264 --a------ C:\Windows\system32\smrgdf.exe
2007-07-15 14:35:01 41472 --a------ C:\Windows\system32\iolobtdfg.exe
2007-07-15 14:35:00 0 d-------- C:\Program Files\iolo
2007-07-15 14:27:25 0 d-------- C:\Users\All Users\iolo
2007-07-13 10:31:17 0 d-------- C:\Program Files\autodesk learning assistance


-- Find3M Report ---------------------------------------------------------------

2007-08-08 20:23:27 40626 --a------ C:\Users\XXX\AppData\Roaming\nvModes.001
2007-08-08 20:12:26 0 d-------- C:\Program Files\Windows Mail
2007-08-08 2007 40626 --a------ C:\Users\XXX\AppData\Roaming\nvModes.dat
2007-07-30 21:54:42 0 d-------- C:\Program Files\QuickTime
2007-07-28 23:12:22 0 d-------- C:\Program Files\Volo View Express
2007-07-28 23:12:20 0 d-------- C:\Program Files\Common Files
2007-07-28 23:12:20 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-28 23:12:20 0 d-------- C:\Program Files\AutoCAD 2002
2007-07-28 23:12:02 0 d-------- C:\Program Files\Windows Sidebar
2007-07-24 02:38:35 0 d-------- C:\Users\XXX\AppData\Roaming\iolo
2007-07-19 19:54:50 0 d-------- C:\Program Files\Google
2007-07-16 1143 388 --a------ C:\Users\XXX\AppData\Roaming\wklnhst.dat
2007-07-14 23:40:30 0 d--h----- C:\Users\XXX\AppData\Roaming\GTek
2007-07-06 15:43:58 0 d-------- C:\Program Files\Apple Software Update
2007-07-06 15:42:57 0 d-------- C:\Program Files\Common Files\Apple
2007-06-28 02:36:11 0 d-------- C:\Users\XXX\AppData\Roaming\Adobe
2007-06-18 00:44:45 0 d-------- C:\Users\XXX\AppData\Roaming\SpywareBot


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/13/2007 09:40 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/17/2006 07:52 PM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [11/27/2006 06:56 PM]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [11/17/2006 05:19 PM]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [11/02/2006 08:35 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 12:37 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 12:35 PM]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [06/18/2007 05:09 PM]
"iolo Personal Firewall"="C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" [06/18/2007 04:46 PM]
"iolo AntiVirus"="C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" [06/11/2007 02:55 PM]
"SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe" [06/18/2007 05:09 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 09:18 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/16/2007 12:32 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/16/2007 12:32 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/16/2007 12:32 AM]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [06/16/2007 12:32 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/19/2007 05:02 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/16/2007 8:00:16 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-08-08 at 21:24:15 ---------
Attached Files
File Type: txt extra.txt (14.8 KB, 2 views)
08-11-2007, 04:24 AM   #2
Registered User
 
Join Date: Aug 2007
Posts: 26
OS: Windows Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Bump. Could someone look at my log and tell me if there is anything I can do to stop this pop up from coming back? Thanks.
08-12-2007, 05:23 AM   #3
Registered User
 
Join Date: Aug 2007
Posts: 26
OS: Windows Vista


Re: Drivecleaner.com pop up No virus or trojan found.

I just ran another system scan, which looks different this time. I did not get the extra.txt file with this scan for some reason. Yesterday I ran Spybot Search and Destroy and had 64 problems; 11 of them were from Drivecleaner.com. When I run Ad Aware it comes up with 1 registry problem that it will not fix. The thing is, I ran Spybot just the other day and it came up with only 1 problem, and since then I have not been on Realtor.com, where I had gotten the pop up originally. Sorry to keep bumping this, but I don't feel safe using my computer online until I can figure out what is going on.

Here is a new log:

Deckard's System Scanner v20070807.62
Run by XXX on 2007-08-12 at 08:09:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as XXX.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:54 AM, on 8/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\XXX\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\XXX.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" rstrq
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" rstrq
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9917 bytes

-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-12 08:09:46 0 d-------- C:\Program Files\Trend Micro
2007-08-08 19:49:20 0 d-------- C:\Program Files\SpywareBlaster
2007-08-06 21:54:47 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-07-30 21:59:06 0 d-------- C:\Program Files\iPod
2007-07-30 21:59:04 0 d-------- C:\Program Files\iTunes
2007-07-18 03:52:14 0 d-------- C:\Users\All Users\NVIDIA
2007-07-15 14:35:45 126976 --a------ C:\Windows\system32\iavlsp.dll
2007-07-15 14:35:31 0 d------c- C:\Windows\system32\DRVSTORE
2007-07-15 14:35:30 0 d-------- C:\Program Files\Common Files\Authentium
2007-07-15 14:35:10 155648 --a------ C:\Windows\system32\ssleay32.dll
2007-07-15 14:35:09 696320 --a------ C:\Windows\system32\libeay32.dll
2007-07-15 14:35:05 39424 --a------ C:\Windows\system32\xpacket.sys <Not Verified; iolo technologies, LLC; iolo Firewall>
2007-07-15 14:35:04 9341 --a------ C:\Windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2007-07-15 14:35:01 25264 --a------ C:\Windows\system32\smrgdf.exe
2007-07-15 14:35:01 41472 --a------ C:\Windows\system32\iolobtdfg.exe
2007-07-15 14:35:00 0 d-------- C:\Program Files\iolo
2007-07-15 14:27:25 0 d-------- C:\Users\All Users\iolo
2007-07-13 10:31:17 0 d-------- C:\Program Files\autodesk learning assistance


-- Find3M Report ---------------------------------------------------------------

2007-08-11 22:55:47 40626 --a------ C:\Users\XXX\AppData\Roaming\nvModes.dat
2007-08-11 22:55:47 40626 --a------ C:\Users\XXX\AppData\Roaming\nvModes.001
2007-08-08 20:12:26 0 d-------- C:\Program Files\Windows Mail
2007-07-30 21:54:42 0 d-------- C:\Program Files\QuickTime
2007-07-28 23:12:22 0 d-------- C:\Program Files\Volo View Express
2007-07-28 23:12:20 0 d-------- C:\Program Files\Common Files
2007-07-28 23:12:20 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-28 23:12:20 0 d-------- C:\Program Files\AutoCAD 2002
2007-07-28 23:12:02 0 d-------- C:\Program Files\Windows Sidebar
2007-07-24 02:38:35 0 d-------- C:\Users\XXX\AppData\Roaming\iolo
2007-07-19 19:54:50 0 d-------- C:\Program Files\Google
2007-07-16 1143 388 --a------ C:\Users\XXX\AppData\Roaming\wklnhst.dat
2007-07-14 23:40:30 0 d--h----- C:\Users\XXX\AppData\Roaming\GTek
2007-07-06 15:43:58 0 d-------- C:\Program Files\Apple Software Update
2007-07-06 15:42:57 0 d-------- C:\Program Files\Common Files\Apple
2007-06-28 02:36:11 0 d-------- C:\Users\XXX\AppData\Roaming\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/13/2007 09:40 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/17/2006 07:52 PM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [11/27/2006 06:56 PM]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [11/17/2006 05:19 PM]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [11/02/2006 08:35 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 12:37 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 12:35 PM]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [06/18/2007 05:09 PM]
"iolo Personal Firewall"="C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" [06/18/2007 04:46 PM]
"iolo AntiVirus"="C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" [06/11/2007 02:55 PM]
"SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe" [06/18/2007 05:09 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 09:18 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/16/2007 12:32 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/16/2007 12:32 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/16/2007 12:32 AM]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [06/16/2007 12:32 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/19/2007 05:02 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/16/2007 8:00:16 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-08-12 at 08:10:31 ---------
Screwed is offline  
Old 08-12-2007, 09:07 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Hello Screwed and welcome,

Please download and save VundoFix to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to your forum thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

---------------------------------------------------------

Perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note for Internet Explorer 7 users**

If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


---------------------------------------------------------

Run another scan with HijackThis and save the log.

---------------------------------------------------------

Please include the following in your next reply:

C:\vundofix.txt
Kaspersky results
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 08-12-2007 at 09:09 PM.
Ried is offline  
Old 08-14-2007, 07:04 PM   #5 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 26
OS: Windows Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Thanks Ried for your help. I ran everything and came up clean. My computer seems to be fine. The only time I seem to get the pop up is on Realtor.com. I did not get a log from the virus scan but it said I had no infections when it was done. Here are the results:


VundoFix V6.5.7

Checking Java version...

Scan started at 9:24:00 PM 8/13/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


Deckard's System Scanner v20070807.62
Run by XXX on 2007-08-14 at 21:39:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as XXX.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:55 PM, on 8/14/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Users\XXX\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\XXX.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" rstrq
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" rstrq
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10120 bytes

-- Files created between 2007-07-14 and 2007-08-14 -----------------------------

2007-08-13 21:34:42 0 d-------- C:\Users\All Users\Kaspersky Lab
2007-08-13 21:34:41 0 d-------- C:\Windows\system32\Kaspersky Lab
2007-08-13 21:24:00 0 d-------- C:\VundoFix Backups
2007-08-12 08:09:46 0 d-------- C:\Program Files\Trend Micro
2007-08-08 19:49:20 0 d-------- C:\Program Files\SpywareBlaster
2007-08-06 21:54:47 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-07-30 21:59:06 0 d-------- C:\Program Files\iPod
2007-07-30 21:59:04 0 d-------- C:\Program Files\iTunes
2007-07-18 03:52:14 0 d-------- C:\Users\All Users\NVIDIA
2007-07-15 14:35:45 126976 --a------ C:\Windows\system32\iavlsp.dll
2007-07-15 14:35:31 0 d------c- C:\Windows\system32\DRVSTORE
2007-07-15 14:35:30 0 d-------- C:\Program Files\Common Files\Authentium
2007-07-15 14:35:10 155648 --a------ C:\Windows\system32\ssleay32.dll
2007-07-15 14:35:09 696320 --a------ C:\Windows\system32\libeay32.dll
2007-07-15 14:35:05 39424 --a------ C:\Windows\system32\xpacket.sys <Not Verified; iolo technologies, LLC; iolo Firewall>
2007-07-15 14:35:04 9341 --a------ C:\Windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2007-07-15 14:35:01 25264 --a------ C:\Windows\system32\smrgdf.exe
2007-07-15 14:35:01 41472 --a------ C:\Windows\system32\iolobtdfg.exe
2007-07-15 14:35:00 0 d-------- C:\Program Files\iolo
2007-07-15 14:27:25 0 d-------- C:\Users\All Users\iolo


-- Find3M Report ---------------------------------------------------------------

2007-08-14 20:41:45 40626 --a------ C:\Users\XXX\AppData\Roaming\nvModes.dat
2007-08-14 20:41:45 40626 --a------ C:\Users\XXX\AppData\Roaming\nvModes.001
2007-08-08 20:12:26 0 d-------- C:\Program Files\Windows Mail
2007-07-30 21:54:42 0 d-------- C:\Program Files\QuickTime
2007-07-28 23:12:22 0 d-------- C:\Program Files\Volo View Express
2007-07-28 23:12:20 0 d-------- C:\Program Files\Common Files
2007-07-28 23:12:20 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-28 23:12:20 0 d-------- C:\Program Files\AutoCAD 2002
2007-07-28 23:12:02 0 d-------- C:\Program Files\Windows Sidebar
2007-07-24 02:38:35 0 d-------- C:\Users\XXX\AppData\Roaming\iolo
2007-07-19 19:54:50 0 d-------- C:\Program Files\Google
2007-07-16 1143 388 --a------ C:\Users\XXX\AppData\Roaming\wklnhst.dat
2007-07-14 23:40:30 0 d--h----- C:\Users\XXX\AppData\Roaming\GTek
2007-07-13 10:31:17 0 d-------- C:\Program Files\autodesk learning assistance
2007-07-06 15:43:58 0 d-------- C:\Program Files\Apple Software Update
2007-07-06 15:42:57 0 d-------- C:\Program Files\Common Files\Apple
2007-06-28 02:36:11 0 d-------- C:\Users\XXX\AppData\Roaming\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/13/2007 09:40 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/17/2006 07:52 PM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [11/27/2006 06:56 PM]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [11/17/2006 05:19 PM]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [11/02/2006 08:35 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 12:37 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 12:35 PM]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [06/18/2007 05:09 PM]
"iolo Personal Firewall"="C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" [06/18/2007 04:46 PM]
"iolo AntiVirus"="C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" [06/11/2007 02:55 PM]
"SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe" [06/18/2007 05:09 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 09:18 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/16/2007 12:32 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/16/2007 12:32 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/16/2007 12:32 AM]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [06/16/2007 12:32 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/19/2007 05:02 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/16/2007 8:00:16 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-08-14 at 21:40:49 ---------
Screwed is offline  
Old 08-14-2007, 10:18 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Well, I can't remove or track down what I can't, or haven't seen.

What is the entry AdAware has been removing?
Ried is offline  
Old 08-15-2007, 05:47 PM   #7 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 26
OS: Windows Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Sorry for the lack of info. Ad Aware is finding this (NOTEPAD.EXE "%1") in the Reg.Edit under HKEY LOCAL MACHINE, Current version, Run folder. When Ad Aware tries to fix it the program locks up. I found the file location where Ad Aware located the problem and went in and deleted the entry manually. If you look at my first log 1/2 way down under "File Associations" you see in red the same file that has been written in other locations.

My first log is right after the second time I got the pop up at Realtor.com before I ran Ad Aware. I got the pop up only one time before and found the same (NOTEPAD.EXE "%1") using Ad Aware and had to delete that entry manually. Right after the first time I got the pop up I bought System Mechanic 7 Pro because it had the Anti Virus software as well as firewall, and everything came up clean, so thinking I was ok I went back to Realtor.com a few times, then 1 day the pop up came back. The second log I posted was after I went through and deleted the NOTEPAD.EXE%1 the second time.

I have not been on Realtor.com since and everything seems to be fine so far. I hope this helps and thanks again.
Screwed is offline  
Old 08-16-2007, 07:26 AM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Hi,

While that Notepad%1 entry can be associated with malware, that is not the case here. System Mechanic's own security scripts are adding those which is why it keeps returning.

Let's see if this tool helps out:

Download AVG Anti Spyware

To install AVG Anti Spyware on Vista right click the icon on Desktop and select Run as administrator
  • Double click the desktop icon to launch AVG
  • On the main Status screen, under Your Computer's Security, click Resident Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do Not Automatically generate report after every scan"

When you have finished updating, run AVG Anti-Spyware with its updated definitions (it's important that all windows must be closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Please post the AVG A-S results.
Ried is offline  
Old 08-19-2007, 04:29 AM   #9 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 26
OS: Windows Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Here are the results from the AVG AS Scan:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:24:49 AM 8/19/2007

+ Scan result:



:mozilla.100:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.101:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.102:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.103:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.104:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.105:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.106:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.107:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.108:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.109:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.110:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.111:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.112:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.113:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.114:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.115:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.116:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.117:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.118:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.295:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.405:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.426:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.427:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.443:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.455:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.467:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.82:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.83:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.84:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.85:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.86:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.87:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.88:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.89:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.90:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.91:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.92:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.93:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.94:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.95:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.96:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.97:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.98:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.99:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.125:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.126:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.127:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.133:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.134:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.139:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.140:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.160:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.744:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.759:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.185:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.215:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.216:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.217:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.129:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.772:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.773:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.774:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.775:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.776:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.777:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.778:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.779:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.11:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.8:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.719:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Information : No action taken.
:mozilla.716:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.717:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.718:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.712:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.713:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.720:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.437:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.468:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.822:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
:mozilla.135:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.136:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.137:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.138:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.492:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.493:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.521:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.522:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.523:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.524:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.540:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.541:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.542:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.543:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.544:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.545:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.546:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.547:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.548:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.549:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.550:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.669:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.238:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.239:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.171:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.558:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.559:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.560:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.561:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.562:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.130:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.131:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.132:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.566:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.567:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.568:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.569:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.570:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.583:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.584:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.585:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.606:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.607:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.608:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.609:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.610:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.611:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.612:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.615:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.630:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.631:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.632:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.633:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.634:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.635:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.698:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
:mozilla.655:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.663:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.664:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.665:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.666:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.667:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.12:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.13:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.14:C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\kyha4e8x.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end
Old 08-19-2007, 07:13 AM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


Re: Drivecleaner.com pop up No virus or trojan found.

The above log indicates that 'No Action' was taken. Did you allow the program to delete/quarantine what it found?

The following tool is compatible with Vista (32-bit only):

Download and run Blacklight

*Note that you must have local administrative privileges to run the program.

Click Scan.

BlackLight will use Windows Explorer (the desktop process) to scan for hidden items. Your anti-virus software or personal firewall might display a warning that says Blacklight (blbeta.exe) is trying to manipulate the Windows Explorer process (explorer.exe). If you want to continue the scan, you need to allow BlackLight to do this.

When it finishes, click Next, then click Close.

BlackLight beta will create a log file "fsbl-<date-and-time>.log". By default, the log file is in the same directory as the executable. Please post the log.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-20-2007, 04:44 PM   #11 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 26
OS: Windows Vista


Re: Drivecleaner.com pop up No virus or trojan found.

I did let the program delete/quarantine these entries. I ran AVG the first time and I did not save the log it generated. This was the second scan I did. The first time I ran AVG I let the program delete/quarantine those entries as well. I will download Blacklight and post the log. Thanks for your help.
Old 08-20-2007, 04:55 PM   #12 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 26
OS: Windows Vista


Re: Drivecleaner.com pop up No virus or trojan found.

I just ran Blacklight and it came up with nothing. Here is the log file:

08/20/07 19:45:41 [Info]: BlackLight Engine 1.0.64 initialized
08/20/07 19:45:41 [Info]: OS: 6.0 build 6000 ()
08/20/07 19:45:41 [Note]: 7019 4
08/20/07 19:45:41 [Note]: 7005 0
08/20/07 19:45:47 [Note]: 7006 0
08/20/07 19:45:47 [Note]: 7027 0
08/20/07 19:45:48 [Note]: 7026 0
08/20/07 19:45:48 [Note]: 7026 0
08/20/07 19:45:51 [Note]: FSRAW library version 1.7.1022
08/20/07 19:48:07 [Note]: 7007 0
Old 08-20-2007, 08:11 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Quote:
I have been getting the drivecleaner.com pop up when I go on to Realtor.com

Quote:
I have not been on Realtor.com since and everything seems to be fine so far.

I honestly don't know what to tell you at this point. I've not run across anyone else having issues with realtor.com and drivecleaner pop ups. I haven't been able to find a source for these pop ups either. I would suggest contacting realtor.com and advising them of the issue you are having at their site and see if they have heard from others complaining of these pop ups.
Old 08-20-2007, 08:15 PM   #14 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 26
OS: Windows Vista


Re: Drivecleaner.com pop up No virus or trojan found.

I just ran Ad Aware and it found the notepad.exe %1 problem with my registry. When I try to have Ad Aware remove it the program just locks up. Here is the log from that scan:


Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, August 20, 2007 11:01:23 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R188 20.08.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


8-20-2007 11:01:23 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [taskeng.exe]
FilePath : C:\Windows\system32\
ProcessID : 3832
ThreadCreationTime : 8-19-2007 11:40:48 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskEng
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : taskeng.exe.mui

#:2 [dwm.exe]
FilePath : C:\Windows\system32\
ProcessID : 3880
ThreadCreationTime : 8-19-2007 11:40:48 AM
BasePriority : High
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Desktop Window Manager
InternalName : dwm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dwm.exe.mui

#:3 [explorer.exe]
FilePath : C:\Windows\
ProcessID : 3960
ThreadCreationTime : 8-19-2007 11:40:48 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE.MUI

#:4 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 2604
ThreadCreationTime : 8-19-2007 11:40:51 AM
BasePriority : Normal
FileVersion : 1.1.1505.0
ProductVersion : 1.1.1505.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe

#:5 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 2628
ThreadCreationTime : 8-19-2007 11:40:51 AM
BasePriority : Normal
FileVersion : 9.0.1.3 06Nov06
ProductVersion : 9.0.1.3 06Nov06
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Synaptics Enhancements Application
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2006
OriginalFilename : SynTPEnh.exe

#:6 [wltray.exe]
FilePath : C:\Windows\System32\
ProcessID : 2644
ThreadCreationTime : 8-19-2007 11:40:51 AM
BasePriority : Normal
FileVersion : 4.102.15.57
ProductVersion : 4.102.15.57
ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet
CompanyName : Dell Inc.
FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet
InternalName : wltray.exe
LegalCopyright : 1998-2006, Dell Inc. All Rights Reserved.
OriginalFilename : wltray.exe

#:7 [wpcumi.exe]
FilePath : C:\Windows\System32\
ProcessID : 2664
ThreadCreationTime : 8-19-2007 11:40:51 AM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : Windows
CompanyName : Microsoft Corporation
FileDescription : Windows Parental Control Notifications
InternalName : WPCUMI.exe
LegalCopyright : (c) Microsoft Corporation. All rights reserved.
OriginalFilename : WPCUMI.exe.mui

#:8 [systemguardalerter.exe]
FilePath : C:\Program Files\iolo\System Mechanic Professional 7\
ProcessID : 536
ThreadCreationTime : 8-19-2007 11:40:56 AM
BasePriority : Normal


#:9 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1288
ThreadCreationTime : 8-19-2007 11:40:56 AM
BasePriority : Normal
FileVersion : 7.3.1.3
ProductVersion : 7.3.1.3
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2007 Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:10 [rundll32.exe]
FilePath : C:\Windows\System32\
ProcessID : 2920
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows host process (Rundll32)
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL32.EXE.MUI

#:11 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 2896
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
FileVersion : 7, 5, 1, 43
ProductVersion : 7, 5, 1, 43
ProductName : AVG Anti-Spyware
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2007 GRISOFT s.r.o.
OriginalFilename : avgas.exe

#:12 [sidebar.exe]
FilePath : C:\Program Files\Windows Sidebar\
ProcessID : 2844
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 1.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Sidebar
InternalName : Windows Sidebar
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : sidebar.EXE.MUI

#:13 [ehtray.exe]
FilePath : C:\Windows\ehome\
ProcessID : 2884
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe

#:14 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\
ProcessID : 976
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
FileVersion : 2, 0, 301, 1654
ProductVersion : 2, 0, 301, 1654
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2007
OriginalFilename : GoogleToolbarNotifier.exe

#:15 [wmpnscfg.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 2948
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
FileVersion : 11.0.6000.6324 (vista_rtm.061101-2205)
ProductVersion : 11.0.6000.6324
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service Configuration Application
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNSCFG.EXE.MUI

#:16 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 2996
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal


#:17 [ehmsas.exe]
FilePath : C:\Windows\ehome\
ProcessID : 2768
ThreadCreationTime : 8-19-2007 11:40:58 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe.mui

#:18 [rundll32.exe]
FilePath : C:\Windows\System32\
ProcessID : 3368
ThreadCreationTime : 8-19-2007 11:40:58 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows host process (Rundll32)
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL32.EXE.MUI

#:19 [unsecapp.exe]
FilePath : C:\Windows\system32\wbem\
ProcessID : 3400
ThreadCreationTime : 8-19-2007 11:40:58 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Sink to receive asynchronous callbacks for WMI client application
InternalName : unsecapp.dll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : unsecapp.dll

#:20 [sidebar.exe]
FilePath : C:\Program Files\Windows Sidebar\
ProcessID : 1332
ThreadCreationTime : 8-19-2007 11:41:01 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 1.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Sidebar
InternalName : Windows Sidebar
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : sidebar.EXE.MUI

#:21 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1320
ThreadCreationTime : 8-21-2007 3:00:13 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : notepad.exe %1

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\Users\XXX\AppData\Local\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-200259346-2994707844-1273529672-1000\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-200259346-2994707844-1273529672-1000\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-200259346-2994707844-1273529672-1000\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-200259346-2994707844-1273529672-1000\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-200259346-2994707844-1273529672-1000\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11

11:02:32 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:08.757
Objects scanned:104887
Objects identified:1
Objects ignored:0
New critical objects:1
Screwed is offline  
Old 08-20-2007, 08:18 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Perhaps you missed my explanation earlier.

Quote:
Originally Posted by Ried
While that Notepad%1 entry can be associated with malware, that is not the case here. System Mechanic's own security scripts are adding those, which is why it keeps returning.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 08-21-2007, 05:07 PM   #16 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 26
OS: Windows Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Got it. My apologies for the confusion. I should obviously ignore this find from Ad Aware?

My computer has been running pretty good. I went to Realtor.com the other day and did not get the pop up. I'm not sure if this has anything to do with it but I did not really stay on the site that long and the 2 times I did get the pop up I was on the site for a while.

Looking at the scans would you say everything is ok?
Thanks for all your help on this.
Screwed is offline  
Old 08-21-2007, 07:50 PM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Yes, set Ad-Aware to ignore that entry.

As far as I can see, the logs are clean. Be sure to keep the databases of the anti-malware programs updated, and I'd run scans with them at least weekly. Let them clean anything they find.

You're good to go.
Ried is offline  
Old 08-24-2007, 06:30 AM   #18 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 26
OS: Windows Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Thanks Ried

I just checked my AV log from Iolo and it came up with (W32/Trojan.BGRF.) on Aug. 19th and deleted that entry. Could this be from the software I downloaded to check my system, and is this something I should be concerned about?
Screwed is offline  
Old 08-24-2007, 02:54 PM   #19 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Are you referring to dss.exe? Is that what was detected as that virus? If so, it is a false positive.
Ried is offline  
Old 08-25-2007, 03:20 AM   #20 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 26
OS: Windows Vista


Re: Drivecleaner.com pop up No virus or trojan found.

Quote:
Originally Posted by Ried
Are you referring to dss.exe? Is that what was detected as that virus? If so, it is a false positive.

Yes, that is it. Thanks.
Screwed is offline  
 


Copyright 2001 - 2009, Tech Support Forum