False Positive? DriveCleaner 2006

[TVeblen]

Every time I run Spybot S&D it comes out clean except for one entry: DriveCleaner 2006, (SBI $7E4EDB6E) Class Id, located at HKCR > CLSID > InpocServer32(64 bit).

Clicking to "Fix Selected Problems" results in: "Some problems couldn't be fixed; the reason is that the associated files could still be in use (in memory). This could be fixed after a restart."
Restarting does nothing.

The only thing in the InprocServer32 key is:
C:\programs\AutoCad 2010\AdComFolder\watch.dll
> Threading Model: Both

I know DriveCleaner is a nasty piece of business, but I have scoured my system for any evidence of an infection and have found nothing.

I'm just checking to see if anyone here gets this to see if it is a known false positive result.

[FONT=&quot]Thanks[/FONT]

 

[Bill2]

Try following the instructions on this site.

Remove Drive Cleaner, removal instructions

 

[Bill]

Did you try scanning with malwarebytes?

Bill

 

[kucing13]

ive faced the same prob only with different string on my reg. CC cleaner failed to delete it and so as other software. i tried manual delete on regedit,failed. last, i just left it there as my system still works normal. As long the dead reg didn't give any problems, i just let it sit silent there

 

[Dinesh]

Scan with a-squared Free - Free of charge Anti-Virus, Anti-Trojan, Anti-Spyware, Anti-Dialer and Anti-Worm Software - Freeware!

 

[TVeblen]

Thing is... I have run many AV's and cleaners and they don't detect anything. Only Spybot. And I have gone down that list of files, folders, and registry keys that are associated with the actual worm with a manual search and none of them show up. And none of the processes associated with DriveCleaner are running. I am pretty sure the system is clean.

I am wondering if Spybot is looking at that watch.dll file and confusing it for DriveCleaner.

 

[TVeblen]

Follow Up

I posted this issue on Safer Networking's "False Positives" forum, including a key description:

"In my HKCR > CLSID > InProcServer32 registry key I do have this:
C:\Programs\AutoCAD 2010\AdComFolder\Watch.dll
Threading Model: Both
Could this be the cause of a false positive for Drive Cleaner 2006?"
​

[FONT=&quot]
And I got this response:

"[/FONT] hello,

thank you for reporting this issue.
It is quite unexpected to have any legit software with a registry entry at

Code:
HKEY_CLASSES_ROOT\CLSID\InprocServer32

We will regard this as a false positive, it will be corrected with the next detection update scheduled for Wednesday 2010-05-19."

 

[CarlTR6]

I posted this issue on Safer Networking's "False Positives" forum, including a key description:

"In my HKCR > CLSID > InProcServer32 registry key I do have this:
C:\Programs\AutoCAD 2010\AdComFolder\Watch.dll
Threading Model: Both
Could this be the cause of a false positive for Drive Cleaner 2006?"
​

[FONT=&quot]
And I got this response:

"[/FONT] hello,

thank you for reporting this issue.
It is quite unexpected to have any legit software with a registry entry at

Code:
HKEY_CLASSES_ROOT\CLSID\InprocServer32

We will regard this as a false positive, it will be corrected with the next detection update scheduled for Wednesday 2010-05-19."

That was a good reply from them and an appropriate response.

 

[philosofik]

I have just gone through this exact same thing, until I thankfully came across this thread! HAHAHAHA

...Sevenforums saves the day... AGAIN

 

[Jacee]

It's always best to go to the program's forum and ask!

 

[TVeblen]

It's always best to go to the program's forum and ask!

Yes it is!
But there are lots of very experienced peeps here, so I felt no reservation in asking!

Thanks to all for looking!