1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: legit program or spy ? DD_v4.DDv4

Discussion in 'Virus & Other Malware Removal' started by smidgen, Sep 10, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. smidgen

    smidgen Thread Starter

    Joined:
    Mar 14, 2004
    Messages:
    101
    I don’t know if this is a problem or a legit program , the other day I was looking at my downloaded program files and noticed this one DD_v4.DDv4 version 4.0.0.200 and the numeral code of {01FE8D0A-51AD-459B-B62B-85E135128B32} , I put the code into Google and it took me to a help forum that claimed it was a virus . I also opened properties at windows downloaded programs it gave a company name of PC Drivers Headquarters Inc. and this is where I was taken hhttp://www.drivershq.com/privacy.asp.
    I tried to delete it twice once in regular mode and once in safe mode it would not delete . I’ve got the latest version of Spy-Bot and Adaware and have been updated , I also have Hijackthis and Cwshredder , and PcCillin antivirus , and have run them all , they show nothing wrong , Is this program needed or can I get rid of it somehow ? and if so how could I do that ? Hijackthis does not show this item.

    Also would you look at my Hijackthis ? I would like to know if I could delete some of the unnecessary entries.

    Logfile of HijackThis v1.98.1
    Scan saved at 2:51:41 PM, on 9/10/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCIOMON.EXE
    C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\TMPROXY.EXE
    C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCPFW.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCGUIDE.EXE
    C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCCLIENT.EXE
    C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\POP3TRAP.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.staples.com/default.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.htm
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
    O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCIOMON.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCIOMON.exe"
    O4 - HKLM\..\RunServices: [tmproxy] C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
    O4 - HKLM\..\RunServices: [PccPfw] C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\MSN Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - (no file)
    O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - C:\WINDOWS\SYSTEM\shdocvw.dll
    O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: Dell Home - {1E181F20-738C-11D4-83CB-10F04FC10000} - http://www.dellnet.com (file missing) (HKCU)
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/smtptool/MailCfg.cab
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://microsoft.com/typography/clearadj.cab
    O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20011223/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
    O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www.pcpitstop.com/pcpitstop/diskhealth.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {54BA1E8F-818D-407F-949D-BAE1692C5C18} (Attribute Class) - http://www.gemal.dk/browserspy/capicom.dll
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  2. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    You have an outdated version of HiJackThis. (It's currently at v1.98.2)

    To update HiJackThis:

    Open the program. click "Config..." --> "Misc. Tools" --> "Check for Update Online".

    Or:

    Please go to the link below and download HiJackThis:

    http://www.majorgeeks.com/download3155.html



    ***NOTE***Do not FIX anything without a log analyzer's guidance. MOST of what's listed is necessary for your computer to operate normally.

    Under "Official Downloads" HiJackThis. It's the 2nd one down.

    Download and unzip to a permanent folder of your own creation.

    Open HiJackThis. Click "Scan". Then, in the lower left corner, click "Save Log".

    Save it to your permanent HiJackThis folder (or floppy disk if necessary).

    The log will open in Notepad. Click "Edit" then "Select All".

    Copy and paste the log back to this thread.

    Alternate download links:

    http://www.spychecker.com/program/hijackthis.html

    http://www.spywareinfo.com/~merijn/downloads.html





    Open HiJackThis. Click "Scan". Put a checkmark next to these:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.htm

    O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - (no file)

    O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - (no file)

    O9 - Extra button: Dell Home - {1E181F20-738C-11D4-83CB-10F04FC10000} - http://www.dellnet.com (file missing) (HKCU)

    O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/smtptool/MailCfg.cab

    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://microsoft.com/typography/clearadj.cab

    O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB

    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/syste.../SysProfLCD.CAB

    Close ALL browser windows and click "Fix checked".



    ***NOTE*** Disable any active resident Anti-virus program before running the scans

    Run at least one of these two on-line anti-virus programs.

    As applicable, make sure the "heuristics" and "Auto Clean" boxes are checked.

    If anything's found, allow it to clean the file. If it's "uncleanable" DELETE everything the virus scan finds.

    Re-start the computer between each scan.


    Trend Micro's free on-line scan

    Panda's free on-line scan



    Restart your computer and post another HiJackThis log.
     
  3. smidgen

    smidgen Thread Starter

    Joined:
    Mar 14, 2004
    Messages:
    101
    FinestRanger: First I want to thank you for your reply to my problem .
    I went through all of the steps you gave me and the online virus scans and I also went to this site http://www.windowsecurity.com/trojanscan/ and had a free check for Trojans . I did not find any problem if it there is one ,but I did get rid of some excess baggage . I didn’t realize that I had an older version of Hijackthis , I deleted the old one before downloading the newer one , rebooted , tried to check for upgrades before running a scan which just as with the older version it would not go to upgrade , this is what would appear ,""The website is unavailable. Either it is down , or moved or deleted it by accident. Try again in a few days , or email me at [email protected]"


    All of the spyware and antivirus programs will go to updates , but not Hijackthis nor will cwshredder and I don’t know why . Do you think the ones I have may be corrupt ?

    Back to the original item that I had posted the DD_v4.DDv4 version 4.0.0.200 {01FE8D0A-51AD-459B-B62B-85E135128B32} I don’t see it doing any harm , but what is it for ? and why can’t I delete It ? Like I had said before when I put it into Google this is what shows up http://forums.thatcomputerguy.us/index.php?showtopic=5237 when you go to this site it shows on their Hijacklog , which it does not on mine , notice they want them to fix it . I also can go to this site and look at the third Hjacklog here http://www.cybertechhelp.com/forums/showthread.php?t=49345 they state that it’s a premium rate dialer ,”yikes”! I think I got this when I went to a site driver downloads or something like that I cant remember now . Can you help me get rid of this ? I tried to put a picture of the notice that i got trying to upgrade Hijackthis , but I couldn't so it's just text.

    Once again thanks for the help
     
  4. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    You couldn't get the updated version through the MajorGeeks link?

    The file you're referring to...you can try:

    Open HiJackThis. Click "Config"--->"Misc Tools"--->"Delete a file on reboot".

    Browse for the file in question.

    Post a fresh HJT log.
     
  5. smidgen

    smidgen Thread Starter

    Joined:
    Mar 14, 2004
    Messages:
    101
    FinestRanger: Thanks once again and the last suggestion was brilliant , but I can't bring up the file by going to HJT config-misc tools-and check delete file on reboot it will not bring up the file that I need to delete it's not on the list , I can see the file when I open Explorer and click on Windows downloaded program files but not in the Hijack , I did try pasting the file in the space for delete when reboot but that didn't work either, I guess there's no way to delete it. At this point I'm more curious to what it's for? the
    DD_v4.DDv4 version 4.0.0.200 {01FE8D0A-51AD-459B-B62B-85E135128B32} as I said before is I can put this into Google and go to a driver site and if you click to download it will tell you about your drivers on your computer , which mine come out as thirty odd percent good and the rest bad by the report that it gives , maybe it's not doing any harm but It bugs me why I can't delete it, plus on some other help forums this would show on their HJT log and sometimes they would recommend they delete it , my HjT log doesn't even show this file , which is in Windows downloaded programs .

    I was going to put the address of the driver site in this reply , but I didn't want people to click on it and get them into trouble in case there is a bug with the site . I did end up going to the site again and downloaded it to see if I could delete it after , but that didn't do anything either .


    As for the update for HijackThis I was able to download the "upgrade" from Major Geek's , but when I open the program and click on " which I should have stated more clearly before is I can't get to the update", is anybody able to get an update for Hijackthis ? I haven't been able to do so for some time with the old version nor with the new. I guess this is for me at least an unsolved mystery and I thank you very much for all your help.

    PS: I don't see this doing any harm to my computer . "yet"! Thanks again .
     
  6. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    Does the file end in ".exe"? or something else?
     
  7. smidgen

    smidgen Thread Starter

    Joined:
    Mar 14, 2004
    Messages:
    101
    Hi FinestRanger: I thought maybe you'd want to give it up , the file does not have an exe that I know of , like I'd mention before is if you go to the site that Google gives me which I do remember going to before is PC Drivers Headquarters Inc. I get a security warning about downloading and if you do download you get a page that tells you how many good and bad drivers you have on your computer , They charge thirty dollars for their service which I guess is getting new updated drivers for you . The program that's on my computer is at windows downloaded program files , to get there I click on internet options -settings- view objects , and there sets DD_v4.DDv4. if I highlight it and click on properties I get dependency DD_v4.OCX , version 4.0.0.200 size 98,304 bytes , type active x controls and a long number 01FE8D0A-51AD-459B-B62B-85E135128B32. and zero java packages that java depends .

    If I new how to put a picture in this forum I have taken one which shows my download list of programs , but i can't seem to paste one on here. I must assume that your a very patient person to keep going with this . What really gets me is what is it or does it do ? I don't notice it doing anything to my computer yet ! and all the spyware and virus checks don't show anything . I forgot you wanted a Hijack log here's one I just did , also I read some where that you should have everything checked in the start menu so I did , everything is checked with this Hijack log , also why do the RO's 2 & 3 keep coming back ? I think you told me to fix and I did , but their back .
    Logfile of HijackThis v1.98.2
    Scan saved at 11:37:54 PM, on 9/15/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCIOMON.EXE
    C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\TMPROXY.EXE
    C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCPFW.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCGUIDE.EXE
    C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCCLIENT.EXE
    C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\POP3TRAP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
    C:\SCANNER\PPWEBCAP.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.staples.com/default.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.htm
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
    O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCIOMON.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCIOMON.exe"
    O4 - HKLM\..\RunServices: [tmproxy] C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
    O4 - HKLM\..\RunServices: [PccPfw] C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [PPWebCap] C:\SCANNER\PPWebCap.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\MSN Messenger\msmsgs.exe" /background
    O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - C:\WINDOWS\SYSTEM\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www.pcpitstop.com/pcpitstop/diskhealth.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {54BA1E8F-818D-407F-949D-BAE1692C5C18} (Attribute Class) - http://www.gemal.dk/browserspy/capicom.dll
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  8. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    OK. I've attached a screenshot of, what I assume, is what you're referring to...


    You can't delete it when you highlight the file? Even in safe mode?

    Strange...Let me dig around some more. (y)
     

    Attached Files:

  9. smidgen

    smidgen Thread Starter

    Joined:
    Mar 14, 2004
    Messages:
    101
    That picture of downloaded programs is just what I've been talking about , and yes I've tried deleting it in safe mode and every other way. When you told me to try Hijackthis config. misc tools and delete on reboot it didn't work either and I tried three times , I had to copy and paste into it cause at Hijackthis the popup list wouldn't bring the download program file up In order to place into the space and even when i tried that it went blue screen on me once .
     
  10. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    I'm going to report this thread to a security moderator for you. :cool:
     
  11. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Are you saying that when you right click on the file in Downloaded Programs and select "remove" it does not remove or that it returns?

    {01FE8D0A-51AD-459B-B62B-85E135128B32} is not showing there...

    I'm not sure why it isn't showing up in HijackThis, but HJT has a "white list", though it seems odd to me that that would be on it.

    If you run HijackThis from a "shortcut", and right click on the shortcut and add /nowhitelist to the end of the path (preceeded by a space) you should see a fuller description of the contents of the Downloaded Program Files folder.
     
  12. smidgen

    smidgen Thread Starter

    Joined:
    Mar 14, 2004
    Messages:
    101
    FinestRanger and Rollin Rog : after your last post I went to the site Pc Drivers Headquarters and re-downloaded the file which I thought I could than delete , but that didn't work so I noticed I could contact them via email which I explained what had happened and how could I delete the file from download files , I got an email back from them today and they said to delete it ! that just what I told them I couldn't do , so now I will try and send you via attachment an image of the file DD_v4.DDv4 I found last night in my registry and I would like you to tell me if I can just delete the folder there.

    To get there I went Hkey\ classes \root \ DD_v4.DDv4 I clicked on the yellow folder and it only had the long number showing with default on the right side . If you don't see an attachment or picture than I didn't succeed with that either , but it won't hurt anything if I delete that at the registry will it ? and thanks again .

    Rollin Rog : I don't understand your directions for running HJT from shortcut and adding the text , sorry If I'm making things harder by being thick , but do you think I can delete from registry ? One more question , can you tell me how to find the post where i can learn to post an image to Tech Guy Forum ? Oh and yes when I click to remove the file it does seem to get gone and than when I open win downloaded programs it is back .
     

    Attached Files:

  13. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I'm sure you could delete it without any harm. As I said before, I don't see the file in your Downloaded Programs File window, but I'm sure there is no harm in manually deleting it from the registry.
     
  14. smidgen

    smidgen Thread Starter

    Joined:
    Mar 14, 2004
    Messages:
    101
    The address you put in my mail notice is the one . It's a driver checker and I do remember going there and downloading to see what drivers could be good or bad. I have today tried to download again to see if after I could delete the DD_v4.DDv4 but it's still there even after deleting it in the registry , the only place I see it is in the Windows downloaded program files , which doesn't show in Hijack
    This and each time I delete the file it comes back ! I emailed them today and they told me to delete it which in the email I'd sent them is that I can't delete it. I don't see it slowing or doing anything to my computer should I just forget it or do you think it might be harmful . I've run two different antivirus a free trogin program and three spyware programs they show nothing. I thank you very much for your help.
     
  15. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Can you post a screenshot of the Downloaded Programs folder?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/272518

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice