# HiJack Log Needing to be Read



## NissanFronti (Mar 20, 2004)

Logfile of HijackThis v1.97.7
Scan saved at 5:07:27 PM, on 4/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\MSN\MSNIA\WA\ClientSideProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\preferred customer\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=3c01&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_7.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_7.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: View Original Image - C:\program files\msn\msnia\wa\getoriginal.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4024.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://atwnt333.external.hp.com/bus-nacons/caller/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF478ED5-E2B3-446B-863F-0EACBA6636A2}: NameServer = 205.171.3.65 205.171.2.65

I have a program that alerts be when stuff is added to my startup file and it alerted me about a program named "PRegScheduler MFC Application" and I clicked yes because I had just installed a bunch of software. Well I started to worry about it so I researched it and found this info:

PowerReg Scheduler.exe and PowerReg SchedulerV2.exe are installed along with PowerQuests Partition Magic. It is based upon Leader Technologies Register.exe and PowerRegister products. Leader Tech advertises these features:

"Generating reports of your user's data."
"Create customer profiles."
"Create A Valuable Database of Customer Buying Habits"
"Two-way data transmission and communication is supported."

This is spyware. We recommend removing it.

PowerReg Scheduler.exe may show up as "PowerREGISTER" in your task list. It is used as a part of the product registration by a number of companies including MicroProse, IOmega and PowerQuest (Partition Magic). It pops up now and then to remind you to register. In many cases, once you do register, the program remains on your system. There are versions 1.0, 2.0 and 3.0 making the rounds these days"

So I told the program to disable it then it came up as if it wanted to re-install itself but I said "No" and now it is out of my startup but I need help on finding it on my computer. I bought something online yesterday should I be worried (I got the program a few days ago)? PLEASE PLEASE Someone help me  .

Edit: I have ran: Spybot, Adaware 6, SwatIt! and AVG Anti-Virus and they all found nothing.


----------



## buckaroo (Mar 25, 2001)

Your log looks okay. :up: 

As far as finding that application, do a file search for files with that name.


----------



## NissanFronti (Mar 20, 2004)

Thanks ALOT! ok I'm off to find the program. *Singing to the tune of Wizard of Oz* I'm off to find find the program the wonderful program from H***.


----------



## NissanFronti (Mar 20, 2004)

ok I have searched and searched and all I found was a .dat file named PowerReg but I can't find a .exe file. Would there be a .exe file somewhere? I reall think it was installed with Splinter Cell which is a ubisoft product and they are known to put this on people's PCs. The reason I say this is that the .dat file was installed on the same day and the same time as I installed Splinter Cell. Is it ok to delete this program? I don't want to delete something that is not the bad program.

What does the HiJackThis log show you? Whats running on my computer? If it's not running is it possible for it to still collect data? LAst but not least is it ok to check my bank and buy stuff online if it is not running?


----------



## buckaroo (Mar 25, 2001)

If you disabled it, I wouldn't worry about it. It may be considered "spyware", but it's not of the ominous, hacker-type, that you would need worry about conducting normal business with your PC.

I see you have ZoneAlarm, so you shouldn't have any applications trying to phone home without you knowing about it and being able to stop it.

A good application for scanning (and removing) ad/spy/malware is AdAware:

http://www.majorgeeks.com/download.php?det=506

After installing, download current updates and then scan your system. Everything AdAware finds is safe to delete. Keep it updated and regularly check your system.


----------



## NissanFronti (Mar 20, 2004)

Yeah I got WinPatrol To disable it from starting but when I did it was like it deleted itself and then tried to re-install so I said no and now it's gone and I can't find it no where. Would it hurt anything if I delete the PowerReg.dat file? It is in the WINDOWS directory. When I click on it, it says deleting this could cause problems and all that stuff.

I have Spybot S&D, AdAware, SwatIt! and AVG Anti-Virus and none of them picked it up even before I disabled it.


----------



## NissanFronti (Mar 20, 2004)

If anyone knows this please answer


----------



## buckaroo (Mar 25, 2001)

PowerReg from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose, and others.

Okay to delete. Anytime your working with your registry, make sure you do a back up of the registry first.


----------



## NissanFronti (Mar 20, 2004)

So when I delete something out of the WINDOWs folder thats is working with my registry? Also will it be fine to just go into the folder and delete the program or do I need to use some kind of uninstaller? When you say back-up everything, is there a huge chance of it messing up something? Should I just leave it alone?


----------



## buckaroo (Mar 25, 2001)

No, not the same. The Registry is a completely different beast. When you said deleting from the registry I assumed you meant going into windows Registry to delete things. There's an option there to back up the Registry before you delete things there. 

Doesn't sound like you really meant the "Registry", you're just talking of deleting a file. No need to back anything up in this case. And yes, it's always best to uninstall a program rather than deleting it's files.


----------



## NissanFronti (Mar 20, 2004)

I can't find anything about in the registry, could I be missing it? I don't have a uninstaller should I download on to remove this file? All I can find is the PowerReg.dat file could there be a .exe file or other files I can't find? Is there anyway I can find out other files that are tied in with the .dat file?


----------



## buckaroo (Mar 25, 2001)

Go ahead and delete that file. If there's no entry in add/remove for that application you can't "uninstall" it.


----------



## NissanFronti (Mar 20, 2004)

ok I deleted the file. Is there a .exe file anywhere? Or was that what I deleted? While searching for the PowerReg file I found a history log of winpatrol so I don't know if this will help but I post it anyway: [Run]
C:\WINDOWS\system32\spool\drivers\w32x86\3\CMpdpsrv.exe=1
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe=1
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe=1
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe=1
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP=1
C:\Program Files\QuickTime\qttask.exe -atboottime=1
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe=1
C:\Program Files\Logitech\iTouch\iTouch.exe=1
LOGI_MWX.EXE=1
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe=1
C:\Program Files\Washer\washidx.exe=15
C:\Program Files\GetRight\getright.exe=200
C:\Program Files\Ubi Soft\Register\schedule.exe=200
C:\Program Files\Webshots\WebshotsTray.exe=200
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe=1
C:\Documents and Settings\preferred customer\Start Menu\Programs\Startup\PowerReg Scheduler.exe=200
C:\WINDOWS\system32\\NeroCheck.exe=1
[BHO]
Yahoo! Companion 5.0=900
AcroIEHelper Module=900
Messenger=901
[Tasks]
Symantec NetDetect.job=800
Registration reminder 3.job=800
Registration reminder 2.job=800
Registration reminder 1.job=800
[HOSTS]
Date=2001-08-18 08:00:00
[preferred customer]
StartPage=http://www.gamefaqs.com/
SearchPage=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch


----------



## buckaroo (Mar 25, 2001)

Well, it looks like it here:

C:\Documents and Settings\preferred customer\Start Menu\Programs\Startup\PowerReg Scheduler.exe=200

To help you search for it, make sure your system is set to view hidden files. Here's instructions:

http://www.xtra.co.nz/help/0,,4155-1916458,00.html


----------



## NissanFronti (Mar 20, 2004)

Yeah it is searching in hidden files and comes up with nothing. I did say that log was before I disabled it from starting up right? Got any ideas of what I can do?

Edit: When it searches it says "Looking in Hidden Folders and Files"


----------



## buckaroo (Mar 25, 2001)

NissanFronti said:


> I did say that log was before I disabled it from starting up right?


If it's not on a current log, then forget about it. It's nothing malicious anyway.


----------



## NissanFronti (Mar 20, 2004)

Here is my current HiJackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 7:59:13 PM, on 4/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\MSN\MSNIA\WA\ClientSideProxy.exe
C:\Documents and Settings\preferred customer\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=3c01&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_7.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_7.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: View Original Image - C:\program files\msn\msnia\wa\getoriginal.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4024.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://atwnt333.external.hp.com/bus-nacons/caller/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF478ED5-E2B3-446B-863F-0EACBA6636A2}: NameServer = 205.171.3.65 205.171.2.65

What is this: C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\~e5d141.tmp ?

EDIT: My winpatrol program says "Cleanup" then the company ID thing says "Macrovision Europe Ltd." Should I disable this?


----------



## NissanFronti (Mar 20, 2004)

Anyone? PLEASE HELP ME


----------



## NissanFronti (Mar 20, 2004)

Buckaroo? Anyone? Hello? Please Help me


----------



## buckaroo (Mar 25, 2001)

Sorry for the delay.........

From what I found out it's associated with Macromedia Flash. It's nothing malicious. It doesn't sound like it's causing any problems for you so I would just leave it.


----------



## NissanFronti (Mar 20, 2004)

No problem as many questions are asked here I can see how you could miss my thread.

Yeah thats what I found out too. It popped up a few days ago saying that there was a new Flash out and I needed to update. Well I was in the middle of something so I didn't click on it. Could it be that still running or something?


----------



## buckaroo (Mar 25, 2001)

Open up Task Manager and if it's running, check to disable it from running. Then visit some web sites and see if it makes any difference.


----------



## NissanFronti (Mar 20, 2004)

no what I mean is that it could be that reminder or something like that. Is that possible?


----------



## buckaroo (Mar 25, 2001)

I doubt it.


----------



## NissanFronti (Mar 20, 2004)

I ended the process the same day I posted that log and I have not run in any problems. It has not came back either. So it's nothing to worry about huh?


----------



## NissanFronti (Mar 20, 2004)

buckaroo?


----------



## buckaroo (Mar 25, 2001)

NissanFronti said:


> I ended the process the same day I posted that log and I have not run in any problems. It has not came back either. So it's nothing to worry about huh?


Right, I think you're okay. :up:


----------



## NissanFronti (Mar 20, 2004)

Thanks SO MUCH MAN!  :up:


----------



## buckaroo (Mar 25, 2001)

You're welcome! :up:


----------

