What's a "Dialer Object" & "Jump to Key" ??

Archived from groups: microsoft.public.windowsme.general (More info?)

Help please:

AdAware has started picking up these "Jump to Key" items. I delete them, and
they come back. What are they? How can they be prevented?

OM

------------

Dialer Object Recognized!
Type : RegValue
Data : Wildflics
Category : Dialer
Comment : ""
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\run
Value :

Dialer Object Recognized!
Type : RegValue
Data : Wildflics
Category : Dialer
Comment : ""
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
  1.

    I'm not sure what you mean by "Jump to Key". The two entries you report
    are telling you that there are entries in the registry that are being used
    to launch an almost certainly unwanted porn dialler each time you boot
    your PC. The keys being
    HKEY_USERS\software\microsoft\windows\currentversion\run and
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run.

    To remove these entries you need to find the file that is creating these
    keys each time you boot your PC. You might find it helpful to download
    and use HijackThis from
    http://www.spywareinfo.com/~merijn/downloads.html. Create a folder called
    HJT on C: (not on your desktop nor in your temp folder) and copy the file
    you downloaded to that folder. Close as many applications as you can
    including all instances of Internet Explorer. Enable Windows Explorer to
    see all files and folders (Tools | Folder Options | View and check "Show
    hidden files and folders" and uncheck "Hide protected operating system
    files"), clear your Temp folder and Temporary Internet Files and then run
    hijackthis.exe and post back the log to the HijackThis Forum at
    http://forum.aumha.org/viewforum.php?f=30 and hopefully this will enable
    someone to identify the cause of your problem.

    > How can they be prevented?

    That's the $64,000 question but a good place to start is by ensuring that
    your PC is fully patched, by using a good antivirus application which is
    kept updated, perhaps even daily, by using tools such as AdAware, SpyBot
    Search & Destroy, Spyware Blaster and more, using a firewall and most
    important of all by practising Safe Hex. Don't click on or download files
    unless you know you want them and the consequences of doing so.

    See also: Dealing with Unwanted Malware, Parasites, Toolbars and Search
    Engines http://mvps.org/winhelp2002/unwanted.htm and also Browser
    Hijacking http://www.spywareinfo.com/articles/hijacked/
    --
    Mike Maltby
    mike.maltby@gmail.com


  2.

    > Don't click on or download files unless you know you want them and the
    > consequences of doing so.

    That's concise, Mike! That should perhaps be tattooed on people's foreheads
    when they buy their first computer!


    Shane


  3.

    "Mike M" <No_Spam@Corned_Beef.Only> wrote in message
    news:upBHTyzhFHA.4028@TK2MSFTNGP10.phx.gbl...
    > I'm not sure what you mean by "Jump to Key". The two entries you report
    > are telling you that there are entries in the registry that are being used
    > to launch an almost certainly unwanted porn dialler each time you boot
    > your PC. The keys being
    > HKEY_USERS\software\microsoft\windows\currentversion\run and
    > HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run.
    >
    > To remove these entries you need to find the file that is creating these
    > keys each time you boot your PC. You might find it helpful to download
    > and use HijackThis from
    > http://www.spywareinfo.com/~merijn/downloads.html). Create a folder called
    > HJT on C: (not on your desktop nor in your temp folder) and copy the file
    > you downloaded to that folder. Close as many applications as you can
    > including all instances of Internet Explorer. Enable Windows Explorer to
    > see all files and folders (Tools | Folder Options | View and check "Show
    > hidden files and folders" and uncheck "Hide protected operating system
    > files"), clear your Temp folder and Temporary Internet Files and then run
    > hijackthis.exe and post back the log to the HijackThis Forum at
    > http://forum.aumha.org/viewforum.php?f=30 and hopefully this will enable
    > someone to identify the cause of your problem.

    Thanks Mike. Have done as you suggested and waiting for answers or
    suggestions from the BLOG.
    Would you have any suggestions from my HijackThis log?? Would the
    startup information give any help?

    OM
    ------------
    Logfile of HijackThis v1.99.1
    Scan saved at 11:07:36 AM, on 7/13/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\NISSERV.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\STOPZILLA!\SZNTSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\APC\APC POWERCHUTE PERSONAL EDITION\MAINSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\NISUM.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\IAMAPP.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\ATRACK.EXE
    C:\PROGRAM FILES\STOPZILLA!\STOPZILLA.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\BESTPOPUPKILLER\BESTPOPUPKILLER.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
    C:\PROGRAM FILES\APC\APC POWERCHUTE PERSONAL EDITION\APCSYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\HJT\HIJACKTH.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mchsi.com/hendersonville
    F1 - win.ini: run=hpfsched
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\SYSTEM\SZIEBHO.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [TkBellExe] :\WINDOWS\TEMP\~rnsetup\RNADMIN\realsched.exe -osboot
    O4 - HKLM\..\Run: [Ad-Aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-AWARE.EXE" +c
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [STOPzilla Service] C:\PROGRAM FILES\STOPZILLA!\SZNTSVC.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [APC_SERVICE] C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
    O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/133e3d36e5a5447f0902/netzip/RdxIE601.cab
    O16 - DPF: {0957C19A-D854-482A-A4F9-18856C723D7D} (XNC600NetCam Control) - http://www.forsythe.tzo.net:1080/XNC600NetCam.cab

  4.

    Lots of malware there most carrying the name Norton and Symantec none of
    which works well on PC and perhaps not doing its job of keeping the system
    clean. :-)

    Moving on, I'm not sure why you have C:\WINDOWS\SYSTEM\WINOA386.MOD
    running which will appear in Taskman as Winoldap, presumably you have some
    old legacy DOS application running. If not be suspicious but I'm not sure
    how it's being launched.

    I don't like O4 - HKLM\..\Run: [TkBellExe]
    :\WINDOWS\TEMP\~rnsetup\RNADMIN\realsched.exe -osboot and can only assume
    that you ran HJT in the middle of an install as nothing should be running
    from the Temp folder. Either that or you've installed RealPlayer to your
    temp folder. This probably also relates to
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://software-dl.real.com/133e3d36e5a5447f0902/netzip/RdxIE601.cab

    I can see nothing that I might identify as being a Wildflics dialler. Is
    it possible that you have now cleaned this entry successfully? I can see
    lots that I would personally prune or remove but nothing that I would
    think would set alarm bells running that I haven't already mentioned.
    --
    Mike Maltby
    mike.maltby@gmail.com
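
The review in the reply above (read the O4 autostart entries and treat anything launching from a Temp folder as suspect) can be run mechanically over a posted HijackThis log. This is an added example, not part of the original thread and not HijackThis code: it rejoins the wrapped log lines, parses the O4 entries and flags those that run from a temp directory or match a name a scanner reported. The `[Wildflics]` line with its placeholder path is constructed, and all function names are assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample: lines copied from the log posted in this thread, kept in
# their e-mail-wrapped form, plus ONE constructed entry ([Wildflics], with a
# placeholder path) to show the scanner-name match.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe]
:\WINDOWS\TEMP\~rnsetup\RNADMIN\realsched.exe -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\Run: [Wildflics] C:\PLACEHOLDER\constructed-entry.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton
Utilities\SYSDOC32.EXE
"""

# Every HijackThis result line starts with a section code (R0, F1, O4, O16 ...)
# followed by " - ". Anything else is the tail of a wrapped line.
ENTRY_START = re.compile(r"^[RFNO]\d{1,2} - ")
# O4 registry autorun:  O4 - HKLM\..\Run: [ValueName] command line
O4_REGISTRY = re.compile(
    r"^O4 - (?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 Startup-folder shortcut:  O4 - Startup: name.lnk = target
O4_SHORTCUT = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Path component that marks a temp location (case-insensitive).
TEMP_DIR = re.compile(r"\\(?:temp|tmp|temporary internet files)\\", re.IGNORECASE)


class Autorun(NamedTuple):
    location: str   # e.g. HKLM\..\Run, Startup
    name: str       # registry value name or shortcut name
    command: str    # what gets launched


def unwrap(text):
    """Rejoin lines that a mail/news client wrapped, one entry per item."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            # Wraps happen at spaces, so a single space restores the entry.
            entries[-1] += " " + line
    return entries


def parse_autoruns(text):
    """Return every O4 (autostart) entry in the log as an Autorun tuple."""
    autoruns = []
    for entry in unwrap(text):
        m = O4_REGISTRY.match(entry) or O4_SHORTCUT.match(entry)
        if m:
            autoruns.append(Autorun(m["loc"], m["name"], m["cmd"]))
    return autoruns


def triage(text, watch_terms=()):
    """Flag autoruns that launch from a temp folder or match a scanner name.

    watch_terms holds names reported by another tool (for example the
    "Data" field of an Ad-Aware detection); they are compared against both
    the value name and the command, since either may carry the name.
    """
    terms = [t.lower() for t in watch_terms]
    findings = []
    for item in parse_autoruns(text):
        reasons = []
        if TEMP_DIR.search(item.command):
            reasons.append("runs from a temp folder")
        haystack = (item.name + " " + item.command).lower()
        for term in terms:
            if term in haystack:
                reasons.append("matches scanner detection '%s'" % term)
        if reasons:
            findings.append((item, reasons))
    return findings


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG, ["Wildflics"]):
        print("%s [%s] %s" % (item.location, item.name, item.command))
        for reason in reasons:
            print("    - " + reason)
```

A flagged entry is a lead for review, not a verdict: the temp-folder hit here is the same RealPlayer scheduler entry discussed above.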


  5.

    "Mike M" <No_Spam@Corned_Beef.Only> wrote in message
    news:#$bEw#9hFHA.572@TK2MSFTNGP15.phx.gbl...


    Re: "clear your Temp folder and Temporary Internet Files and then run
    hijackthis.exe"

    Mike - Before running HijackThis, I cleared the c:\temp folder & the
    C:\windows\Temporary Internet Files folder.
    Should I have also cleared the contents out of these other TEMP folders
    before running HijackThis?

    OM

    *** TEMP FOLDERS on my system ***
    C:\temp
    C:\WINDOWS\Temporary Internet Files

    C:\_RESTORE\TEMP
    C:\WINDOWS\TEMP
    C:\WINDOWS\SYSTEM\URTTemp
    C:\WINDOWS\PCHEALTH\SUPPORT\Temp
    C:\WINDOWS\PCHEALTH\HELPCTR\Temp
    C:\WINDOWS\TEMP\~msetup\TEMP
    C:\WINDOWS\Application Data\Symantec\Norton AntiVirus\Temp
    C:\WINDOWS\assembly\temp


    > Lots of malware there most carrying the name Norton and Symantec none of
    > which works well on PC and perhaps not doing its job of keeping the system
    > clean. :-)

    What's your suggestion for better protection? I also use the Linksys Router
    for its firewall. Does a nice job of keeping the Trojans out.

    > Moving on, I'm not sure why you have C:\WINDOWS\SYSTEM\WINOA386.MOD
    > running which will appear in Taskman as Winoldap, presumably you have some
    > old legacy DOS application running. If not be suspicious but I'm not sure
    > how it's being launched.

    Is there a safe way to take this out and put it back in, if needed? I run
    grep and brief in DOS to edit and search various text (radio log) files. Old
    habits are hard to break.

    > I don't like O4 - HKLM\..\Run: [TkBellExe]
    > :\WINDOWS\TEMP\~rnsetup\RNADMIN\realsched.exe -osboot and can only assume
    > that you ran HJT in the middle of an install as nothing should be running
    > from the Temp folder. Either that or you've installed RealPlayer to your
    > temp folder. This probably also relates to
    > O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    > http://software-dl.real.com/133e3d36e5a5447f0902/netzip/RdxIE601.cab

    Still looking into this one.

    OM
  6.

    By default the windows and user temp folder is C:\Windows\Temp. It
    appears that you have both this folder and also a C:\Temp, presumably
    created by some application you have installed or by yourself if you chose
    to alter the default. I would certainly clear the C:\Windows\Temp folder
    although it does appear that you have at least one application (part of
    real player) running in this folder which is not advisable.

    You can safely ignore C:\_RESTORE\TEMP (part of system restore and cannot
    be emptied when windows is running), C:\WINDOWS\PCHEALTH\SUPPORT\Temp,
    C:\WINDOWS\PCHEALTH\HELPCTR\Temp and C:\WINDOWS\Application
    Data\Symantec\Norton AntiVirus\Temp

    C:\WINDOWS\SYSTEM\URTTemp and C:\WINDOWS\assembly\temp are both used by
    the .NET Framework and would suggest you leave them untouched.

    There's no need to worry about C:\WINDOWS\SYSTEM\WINOA386.MOD as long as
    you know why it is being launched. It isn't being launched when you boot
    Win Me but rather when you first use one of your older apps.

    As for a possible alternative to Norton, well the choice is wide, with
    virtually any product being better with possibilities ranging from the
    free AVG AV application through the likes of AVAST, Computer Associates
    ETrust and Panda to NOD32 and Kaspersky. Which depends on the depth of
    your pocket. Personally I mainly use eTrust (currently free for the first
    year), AVG where the user doesn't want to pay and NOD32 or Kaspersky where
    they don't mind paying for peace of mind.
    --
    Mike Maltby
    mike.maltby@gmail.com


  7. Archived from groups: microsoft.public.windowsme.general (More info?)

    Forget the forehead - most people see other parts of their anatomy more
    often!
    <VBEG>

    --
    Noel Paton (MS-MVP 2002-2005, Windows)

    Nil Carborundum Illegitemi
    http://www.btinternet.com/~winnoel/millsrpch.htm

    http://tinyurl.com/6oztj

    Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

    "Shane" <shanebeatson@gmail.com> wrote in message
    news:%23fP99X4hFHA.1464@TK2MSFTNGP14.phx.gbl...
    >> Don't click on or download files unless you know you want them and the
    >> consequences of doing so.
    >
    > That's concise, Mike! That should perhaps be tattooed on people's
    > foreheads when they buy their first computer!
    >
    >
    > Shane
    >
  8. Archived from groups: microsoft.public.windowsme.general (More info?)

    "Noel Paton" <NoelDPspamless@btopenworld.com> wrote in message
    news:e5Soc1JiFHA.3436@tk2msftngp13.phx.gbl...
    > Forget the forehead - most people see other parts of their anatomy more
    > often!
    > <VBEG>
    >
    > --
    > Noel Paton (MS-MVP 2002-2005, Windows)
    >
    > Nil Carborundum Illegitemi
    > http://www.btinternet.com/~winnoel/millsrpch.htm
    >
    > http://tinyurl.com/6oztj
    >
    > Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
    >
    > "Shane" <shanebeatson@gmail.com> wrote in message
    > news:%23fP99X4hFHA.1464@TK2MSFTNGP14.phx.gbl...
    > >> Don't click on or download files unless you know you want them and the
    > >> consequences of doing so.
    > >
    > > That's concise, Mike! That should perhaps be tattooed on people's
    > > foreheads when they buy their first computer!
    > >
    > >
    > > Shane

    Gee - that's real helpful. OM
  9. Archived from groups: microsoft.public.windowsme.general (More info?)

    "OM" <Nomail@msn.com> wrote in message
    news:e1yBe.153339$_o.38495@attbi_s71...
    >
    > "Noel Paton" <NoelDPspamless@btopenworld.com> wrote in message
    > news:e5Soc1JiFHA.3436@tk2msftngp13.phx.gbl...
    >> Forget the forehead - most people see other parts of their anatomy more
    >> often!
    >> <VBEG>
    >>
    >> --
    >> Noel Paton (MS-MVP 2002-2005, Windows)
    >>
    >> Nil Carborundum Illegitemi
    >> http://www.btinternet.com/~winnoel/millsrpch.htm
    >>
    >> http://tinyurl.com/6oztj
    >>
    >> Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
    >>
    >> "Shane" <shanebeatson@gmail.com> wrote in message
    >> news:%23fP99X4hFHA.1464@TK2MSFTNGP14.phx.gbl...
    >> >> Don't click on or download files unless you know you want them and the
    >> >> consequences of doing so.
    >> >
    >> > That's concise, Mike! That should perhaps be tattooed on people's
    >> > foreheads when they buy their first computer!
    >> >
    >> >
    >> > Shane
    >
    > Gee - that's real helpful. OM
    >

    Gee - you already got helped, didn't you? Or do you own this thread?


    Shane
  10. Archived from groups: microsoft.public.windowsme.general (More info?)

    "Mike M" <No_Spam@Corned_Beef.Only> wrote in message
    news:#8q1kZNiFHA.1044@tk2msftngp13.phx.gbl...
    > USER.DAT is one of the three files that comprise the registry the others
    > being CLASSES.DAT and SYSTEM.DAT. USER.DAT contains the HKCU hive and
    > should only ever be accessed using an appropriate tool such as regedit and
    > even then only by someone who knows what they are doing. For example when
    > searching as you did for a file containing the string "wildflics" you will
    > have immediately created a string containing "wildflics" in the HKCU hive
    > and therefore the USER.DAT. You can prove this for yourself by using
    > Windows Explorer to search for a file containing "Rumplestiltskin". The
    > only hit will be USER.DAT.
    >
    > So unfortunately, that you found the string "wildflics" in USER.DAT adds
    > nothing to what has gone before. Even less so since you don't mention
    > whether AdAware is still finding this dialler.

    Yes, AdAware still generates both dialler complaints, and after checking the
    deletion boxes, finishing, and immediately re-running AdAware - I get the
    two complaints again. ak
  11. Archived from groups: microsoft.public.windowsme.general (More info?)

    What feedback did you get when you posted your HJT log to the forum I
    suggested since this newsgroup is not really the place to post such logs?
    --
    Mike Maltby
    mike.maltby@gmail.com


    OM <Nomail@msn.com> wrote:

    > Yes, AdAware still generates both dialler complaints, and after
    > checking the deletion boxes, finishing, and immediately re-running
    > AdAware - I get the two complaints again. ak
  12. Archived from groups: microsoft.public.windowsme.general (More info?)

    "Mike M" <No_Spam@Corned_Beef.Only> wrote in message
    news:OqGRqyRiFHA.2424@TK2MSFTNGP09.phx.gbl...
    > What feedback did you get when you posted your HJT log to the forum I
    > suggested since this newsgroup is not really the place to post such logs?
    > --
    > Mike Maltby
    > mike.maltby@gmail.com

    I got a link from the forum to this:

    http://castlecops.com/postitle127061-0-0-mprexe.html

    "Ad-Aware reports the following as a "dialer" located in 2 registry keys;
    HKEY Users\Default and HKEY Local Machine:

    Software\Microsoft\Windows\Current Version\Run""""

    I went to those registry locations and did not find any such entry. I
    re-booted and ran Ad-Aware again...they were still reported...I quarantined
    them, ran Ad-Aware again and they were again reported as being at those
    locations. That's it, I haven't a clue as to what to try next....hopefully
    it's just some sort of aberration and not truly a dialer busily at work. Any
    suggestions or explanations?....... Harshale
    _________________
    You can't spend what you ain't got, ...you can't lose what you ain't never
    had "

    ==========================================

    Not much help as to why Ad-Aware is showing the complaint.

    I'm trying to get a reply from Lavasoft, but no luck so far.

    OM
  13. Archived from groups: microsoft.public.windowsme.general (More info?)

    "OM" <Nomail@msn.com> wrote in message
    news:D4NBe.176916$xm3.72591@attbi_s21...
    >
    > "Mike M" <No_Spam@Corned_Beef.Only> wrote in message
    > news:OqGRqyRiFHA.2424@TK2MSFTNGP09.phx.gbl...
    >> What feedback did you get when you posted your HJT log to the forum I
    >> suggested since this newsgroup is not really the place to post such logs?
    >> --
    >> Mike Maltby
    >> mike.maltby@gmail.com
    >
    > I got a link from the forum to this:
    >
    > http://castlecops.com/postitle127061-0-0-mprexe.html
    >
    > "Ad-Aware reports the following as a "dialer" located in 2 registry keys;
    > HKEY Users\Default and HKEY Local Machine:
    >
    > Software\Microsoft\Windows\Current Version\Run""""
    >
    > I went to those registry locations and did not find any such entry. I
    > re-booted and ran Ad-Aware again...they were still reported...I quarantined
    > them, ran Ad-Aware again and they were again reported as being at those
    > locations. That's it, I haven't a clue as to what to try next....hopefully
    > it's just some sort of aberration and not truly a dialer busily at work. Any
    > suggestions or explanations?....... Harshale
    > _________________
    > You can't spend what you ain't got, ...you can't lose what you ain't never
    > had "
    >
    > ==========================================
    >
    > Not much help as to why Ad-Aware is showing the complaint.
    >
    > I'm trying to get a reply from Lavasoft, but no luck so far.
    >

    Have you installed the latest Ad-aware def file? Just maybe it's an issue
    with the previous one. Obviously, if you haven't installed it yet, you
    should anyhow. If the updater doesn't work, download it from the site,
    zipped.


    Shane
  14. Archived from groups: microsoft.public.windowsme.general (More info?)

    Shane <arthursixpence@hotmail.com> wrote:

    > Have you installed the latest Ad-aware def file? Just maybe it's an
    > issue with the previous one. Obviously, if you haven't installed it
    > yet, you should anyhow. If the updater doesn't work, download it from
    > the site, zipped.

    It certainly looks as if this is simply a false positive that has been
    corrected in later definition files.
    --
    Mike
  15. Archived from groups: microsoft.public.windowsme.general (More info?)

    Mike M wrote:
    > Shane <arthursixpence@hotmail.com> wrote:
    >
    >> Have you installed the latest Ad-aware def file? Just maybe it's an
    >> issue with the previous one. Obviously, if you haven't installed it
    >> yet, you should anyhow. If the updater doesn't work, download it from
    >> the site, zipped.
    >
    >
    > It certainly looks as if this is simply a false positive that has been
    > corrected in later definition files.

    or AdAware reported it then deleted it so it wasn't there when the OP
    looked for it.
  16. Archived from groups: microsoft.public.windowsme.general (More info?)

    Rick T <plinnane3REMOVE@NOSPAMyahoo.com> wrote:

    > or AdAware reported it then deleted it so it wasn't there when the OP
    > looked for it.

    Unlikely as OM reported AdAware reporting wildflics as still being present
    after "removal" in their post made at 02:15 GMT today, 15 July.
    --
    Mike
  17. Archived from groups: microsoft.public.windowsme.general (More info?)

    Mike M wrote:
    > Rick T <plinnane3REMOVE@NOSPAMyahoo.com> wrote:
    >
    >> or AdAware reported it then deleted it so it wasn't there when the OP
    >> looked for it.
    >
    >
    > Unlikely as OM reported AdAware reporting wildflics as still being
    > present after "removal" in their post made at 02:15 GMT today, 15 July.

    second half (unposted) was "and something put it back there", though
    that'd mean AA wasn't up-to-date in some manner.
  18. Archived from groups: microsoft.public.windowsme.general (More info?)

    "Shane" <arthursixpence@hotmail.com> wrote in message
    news:qaNBe.647$s9.541@newsfe3-gui.ntli.net...

    > Have you installed the latest Ad-aware def file? Just maybe it's an issue
    > with the previous one. Obviously, if you haven't installed it yet, you
    > should anyhow. If the updater doesn't work, download it from the site,
    > zipped.
    >
    > Shane

    Just loaded Ad-Aware Def file SE1R54 14.07.2005, and guess what?
    No complaints!

    Thanks Shane & Mike, OM
  19. Archived from groups: microsoft.public.windowsme.general (More info?)

    Thanks for the feedback. Whilst comforting for you it's also reassuring
    for me as I could see nothing amiss in your HJT log other than you have
    real player installed into your windows\temp folder.
    --
    Mike Maltby
    mike.maltby@gmail.com


    OM <Nomail@msn.com> wrote:

    > Just loaded Ad-Aware Def file SE1R54 14.07.2005, and guess what?
    > No complaints!
    >
    > Thanks Shane & Mike, OM
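Mike's point in this thread, that nothing listed in a HijackThis log should be starting from a Temp folder, can be checked mechanically. The following is an added example, not part of the original posts: it parses O4 autorun lines and flags any whose program sits under a directory named temp. The first sample line is the O4 entry quoted earlier in the thread exactly as posted (drive letter missing); the other three lines and all function names are constructed for illustration.

```python
import re

# Directory names treated as temporary locations (an assumption for this example).
TEMP_NAMES = {"temp", "tmp", "temporary internet files"}

# HijackThis O4 registry autorun line: "O4 - <hive>\..\<key>: [<name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")


def executable_path(cmd):
    """Return the program path of a command line, lower-cased, drive prefix removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]  # quoted path may contain spaces
    else:
        # Unquoted: take everything up to the first executable extension.
        m = re.match(r"(.+?\.(?:exe|com|bat|scr|pif|dll))(?:\s|$)", cmd, re.I)
        path = m.group(1) if m else cmd.split()[0]
    # Dropping "c:" (or a bare ":") lets a line with a lost drive letter still match.
    return re.sub(r"^[a-z]?:", "", path.lower())


def runs_from_temp(cmd):
    """True if any directory component (not the file name) is a temp folder name."""
    parts = executable_path(cmd).split("\\")
    return any(p in TEMP_NAMES for p in parts[:-1])


def flag_temp_autoruns(log_text):
    """Return (key, name, command) for each O4 entry that launches from a temp folder."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m and runs_from_temp(m.group("cmd")):
            hits.append((m.group("key"), m.group("name"), m.group("cmd")))
    return hits


# Line 1 is the entry from the thread as posted; lines 2-4 are constructed samples.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] :\WINDOWS\TEMP\~rnsetup\RNADMIN\realsched.exe -osboot
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example App\tray.exe" /min
O4 - HKCU\..\Run: [ExampleUpd] C:\WINDOWS\Application Data\Example\Temp\upd.exe
O4 - HKLM\..\Run: [TempMonitor] C:\Program Files\TempMonitor\tempmon.exe
"""

if __name__ == "__main__":
    for key, name, cmd in flag_temp_autoruns(SAMPLE_LOG):
        print(f"{key} [{name}] starts from a temp folder: {cmd}")
```

The match is on whole directory names, so a program installed under a folder such as TempMonitor is not flagged, while a Temp folder nested deep inside Application Data is.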
  20. Archived from groups: microsoft.public.windowsme.general (More info?)

    "Mike M" <No_Spam@Corned_Beef.Only> wrote in message
    news:Os6NeSXiFHA.3596@TK2MSFTNGP10.phx.gbl...
    > Thanks for the feedback. Whilst comforting for you it's also reassuring
    > for me as I could see nothing amiss in your HJT log other than you have
    > real player installed into your windows\temp folder.
    > --
    > Mike Maltby

    Thanks for all the help with this, Mike. I now know more about HJT and
    learned how to blog.
    I have no idea why real player was in the temp folder. I had it un-installed
    before I generated the HJT log - I think. And it should not have been there
    for any reason I can think of. Strange things sometimes happen when I run real
    player with other programs running at the same time, so I un-installed it
    when I started having problems (constant interrupts) running Norton's Disk
    Doctor, for instance. For a while, I had to go into protected mode to run
    Disk Doctor; it found date stamp errors. Somewhere along the way that
    problem went away, and everything seems back to normal now, but I have not
    re-loaded real player - yet.

    Let me ask more about clearing out the directory C:\WINDOWS\TEMP. There are
    a bunch of sub-directories in it, and some of the files I was reluctant to
    delete. I have absolutely no idea why CONFIG.SYS is there. (I have one in
    the root that I think is the active config.sys when I run DOS - or is it?)
    Can all of the files under Windows\temp be safely deleted, and what about all
    the files in those sub-directories?

    Again - thanks for any suggestions. OM

    C:\WINDOWS\TEMP
    <DIR> 06-20-00 3:46p ..
    VBE <DIR> 11-02-04 9:44a VBE
    MSOHTML1 <DIR> 11-07-04 10:19p msohtml1
    WORD8 0 <DIR> 11-13-04 12:30p Word8.0
    CDDB <DIR> 11-17-04 10:33p Cddb
    ~EXB0000 <DIR> 12-04-04 11:28a ~EXB0000
    ADOBE <DIR> 01-05-05 6:48p Adobe
    {FD71A~1 <DIR> 02-04-05 10:17a {FD71A5F8-6D54-48A5-874E-82E10C88F04D}
    ~EXB0001 <DIR> 03-31-05 5:01p ~EXB0001
    _ISTMP0 DIR <DIR> 04-27-05 9:23p _ISTMP0.DIR
    FRONTP~1 <DIR> 06-07-05 3:08p FrontPageTempDir
    {5A0C8~1 <DIR> 06-08-05 9:31p {5a0c892e-fd1c-4203-941e-0956aed20a6a}
    ~WKS99~1 <DIR> 06-09-05 7:00p ~WKS99TEMP
    ~EXB0002 <DIR> 06-19-05 4:14p ~EXB0002
    ~RNSETUP <DIR> 06-19-05 9:34p ~rnsetup
    ~DF161B TMP 15,360 07-14-05 8:50a ~DF161B.TMP
    ~DF125B TMP 15,360 07-14-05 4:13p ~DF125B.TMP
    ~DFEEA TMP 15,360 07-14-05 7:09p ~DFEEA.TMP
    ~DF39EE TMP 44,544 07-14-05 7:09p ~DF39EE.TMP
    ~DFFF16 TMP 15,360 07-14-05 10:22p ~DFFF16.TMP
    ~DF2906 TMP 15,360 07-15-05 7:10a ~DF2906.TMP
    ~DF12F0 TMP 15,360 07-15-05 10:58a ~DF12F0.TMP
    ~DF2A2C TMP 15,360 07-15-05 3:46p ~DF2A2C.TMP
    _ISDELET INI 197 07-07-05 2:38p _isdelet.ini
    ~DFFC45 TMP 15,360 07-13-05 10:16p ~DFFC45.TMP
    CONTROL XML 13,164 04-25-05 8:26p control.xml
    DOTNETFX LOG 1,188 06-10-05 1:16p dotNetFx.log
    CONFIG SYS 45 06-10-05 2:43p CONFIG.SYS
    CONFIG~1 SAV 0 06-07-05 11:14p CONFIG.SAV1964
    15 file(s) 182,018 bytes
    16 dir(s) 4,306.69 MB free
  21. Archived from groups: microsoft.public.windowsme.general (More info?)

    "OM" <Nomail@msn.com> wrote in message
    news:W5UBe.156430$_o.81283@attbi_s71...
    >
    > "Shane" <arthursixpence@hotmail.com> wrote in message
    > news:qaNBe.647$s9.541@newsfe3-gui.ntli.net...
    >
    >> Have you installed the latest Ad-aware def file? Just maybe it's an issue
    >> with the previous one. Obviously, if you haven't installed it yet, you
    >> should anyhow. If the updater doesn't work, download it from the site,
    >> zipped.
    >>
    >> Shane
    >
    > Just loaded Ad-Aware Def file SE1R54 14.07.2005, and guess what?
    > No complaints!
    >
    > Thanks Shane & Mike, OM

    Glad it's sorted out. Though I thought it a long shot at first, I remember a
    definition update of 2 or 3 weeks ago, where it was revised within a day or
    two, so I wonder if that's the one you had.

    Shane