What's a "Dialer Object" & "Jump to Key" ??

Anonymous
July 13, 2005 2:56:30 AM

Archived from groups: microsoft.public.windowsme.general (More info?)

Help please:

AdAware has started picking up these "Jump to Key" items. I delete them, and
they come back. What are they? How can they be prevented?

OM

------------

Dialer Object Recognized!
Type : RegValue
Data : Wildflics
Category : Dialer
Comment : ""
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\run
Value :

Dialer Object Recognized!
Type : RegValue
Data : Wildflics
Category : Dialer
Comment : ""
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run


Anonymous
July 13, 2005 4:51:03 AM


I'm not sure what you mean by "Jump to Key". The two entries you report
are telling you that there are entries in the registry that are being used
to launch an almost certainly unwanted porn dialler each time you boot
your PC. The keys being
HKEY_USERS\software\microsoft\windows\currentversion\run and
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run.

To remove these entries you need to find the file that is creating these
keys each time you boot your PC. You might find it helpful to download
and use HijackThis from
http://www.spywareinfo.com/~merijn/downloads.html. Create a folder called
HJT on C: (not on your desktop nor in your temp folder) and copy the file
you downloaded to that folder. Close as many applications as you can
including all instances of Internet Explorer. Enable Windows Explorer to
see all files and folders (Tools | Folder Options | View and check "Show
hidden files and folders" and uncheck "Hide protected operating system
files"), clear your Temp folder and Temporary Internet Files and then run
hijackthis.exe and post back the log to the HijackThis Forum at
http://forum.aumha.org/viewforum.php?f=30 and hopefully this will enable
someone to identify the cause of your problem.

> How can they be prevented?

That's the $64,000 question but a good place to start is by ensuring that
your PC is fully patched, by using a good antivirus application which is
kept updated, perhaps even daily, by using tools such as AdAware, SpyBot
Search & Destroy, Spyware Blaster and more, using a firewall and most
important of all by practising Safe Hex. Don't click on or download files
unless you know you want them and the consequences of doing so.

See also: Dealing with Unwanted Malware, Parasites, Toolbars and Search
Engines http://mvps.org/winhelp2002/unwanted.htm and also Browser
Hijacking http://www.spywareinfo.com/articles/hijacked/
--
Mike Maltby
mike.maltby@gmail.com


July 13, 2005 1:36:31 PM


> Don't click on or download files unless you know you want them and the
> consequences of doing so.

That's concise, Mike! That should perhaps be tattooed on people's foreheads
when they buy their first computer!


Shane



Anonymous
July 13, 2005 7:57:33 PM


"Mike M" <No_Spam@Corned_Beef.Only> wrote in message
news:upBHTyzhFHA.4028@TK2MSFTNGP10.phx.gbl...
> I'm not sure what you mean by "Jump to Key". The two entries you report
> are telling you that there are entries in the registry that are being used
> to launch an almost certainly unwanted porn dialler each time you boot
> your PC. The keys being
> HKEY_USERS\software\microsoft\windows\currentversion\run and
> HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run.
>
> To remove these entries you need to find the file that is creating these
> keys each time you boot your PC. You might find it helpful to download
> and use HijackThis from
> http://www.spywareinfo.com/~merijn/downloads.html. Create a folder called
> HJT on C: (not on your desktop nor in your temp folder) and copy the file
> you downloaded to that folder. Close as many applications as you can
> including all instances of Internet Explorer. Enable Windows Explorer to
> see all files and folders (Tools | Folder Options | View and check "Show
> hidden files and folders" and uncheck "Hide protected operating system
> files"), clear your Temp folder and Temporary Internet Files and then run
> hijackthis.exe and post back the log to the HijackThis Forum at
> http://forum.aumha.org/viewforum.php?f=30 and hopefully this will enable
> someone to identify the cause of your problem.

Thanks Mike. Have done as you suggested and waiting for answers or
suggestions from the BLOG.
Would you have any suggestions from my HijackThis log?? Would the
startup information give any help?

OM
------------
Logfile of HijackThis v1.99.1
Scan saved at 11:07:36 AM, on 7/13/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\NISSERV.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\STOPZILLA!\SZNTSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\APC\APC POWERCHUTE PERSONAL EDITION\MAINSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\IAMAPP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\ATRACK.EXE
C:\PROGRAM FILES\STOPZILLA!\STOPZILLA.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BESTPOPUPKILLER\BESTPOPUPKILLER.EXE
C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
C:\PROGRAM FILES\APC\APC POWERCHUTE PERSONAL EDITION\APCSYSTRAY.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\HJT\HIJACKTH.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mchsi.com/hendersonville
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\SYSTEM\SZIEBHO.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [TkBellExe] :\WINDOWS\TEMP\~rnsetup\RNADMIN\realsched.exe -osboot
O4 - HKLM\..\Run: [Ad-Aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [STOPzilla Service] C:\PROGRAM FILES\STOPZILLA!\SZNTSVC.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [APC_SERVICE] C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pin...
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnld...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/Sym...
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/Act...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/133e3d36e5a5447f0902/netzip...
O16 - DPF: {0957C19A-D854-482A-A4F9-18856C723D7D} (XNC600NetCam Control) - http://www.forsythe.tzo.net:1080/XNC600NetCam.cab


Anonymous
July 14, 2005 12:17:51 AM


Lots of malware there most carrying the name Norton and Symantec none of
which works well on PC and perhaps not doing its job of keeping the system
clean. :-)

Moving on, I'm not sure why you have C:\WINDOWS\SYSTEM\WINOA386.MOD
running which will appear in Taskman as Winoldap, presumably you have some
old legacy DOS application running. If not be suspicious but I'm not sure
how it's being launched.

I don't like O4 - HKLM\..\Run: [TkBellExe]
:\WINDOWS\TEMP\~rnsetup\RNADMIN\realsched.exe -osboot and can only assume
that you ran HJT in the middle of an install as nothing should be running
from the Temp folder. Either that or you've installed RealPlayer to your
temp folder. This probably also relates to
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/133e3d36e5a5447f0902/netzip...

I can see nothing that I might identify as being a Wildflics dialler. Is
it possible that you have now cleaned this entry successfully? I can see
lots that I would personally prune or remove but nothing that I would
think would set alarm bells running that I haven't already mentioned.
--
Mike Maltby
mike.maltby@gmail.com
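
[Added example, not part of the original thread and not any poster's code.] The review above reads the O4 (autostart) lines of a HijackThis log, looks for the Wildflics name Ad-Aware reported, and objects to an entry launching from the Temp folder. The Python sketch below automates that triage, including rejoining entries that newsgroup line-wrapping split in two. The function names, the Temp-folder pattern and the sample (a few entries taken from the log in this thread, labelled as constructed) are assumptions of the example.

```python
import re

# Constructed sample: a handful of entries from the log posted in this thread,
# wrapped across lines the way a newsreader wraps long lines.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\HJT\HIJACKTH.EXE

F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe"
/autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe]
:\WINDOWS\TEMP\~rnsetup\RNADMIN\realsched.exe -osboot
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton
Utilities\SYSDOC32.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
"""

# Every HijackThis entry starts with a section code such as "R0 - " or "O4 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
O4_LINE = re.compile(r"^O4 - (?P<location>[^:]+): (?P<rest>.*)$")
REG_VALUE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
# Assumption of this example: any path component literally named "temp".
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


def unwrap_entries(log_text):
    """Return one string per log entry, rejoining wrapped continuation lines."""
    entries = []
    open_entry = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif line and open_entry:
            # Wrapping happens at a space, so rejoin with a single space.
            entries[-1] += " " + line
        else:
            # Header lines, the process list and blank lines end any entry.
            open_entry = False
    return entries


def parse_autoruns(log_text):
    """Parse O4 entries into dicts with location, name and command."""
    autoruns = []
    for entry in unwrap_entries(log_text):
        match = O4_LINE.match(entry)
        if not match:
            continue
        rest = match.group("rest")
        reg = REG_VALUE.match(rest)
        if reg:  # registry Run/RunServices value: "[name] command"
            name, command = reg.group("name"), reg.group("command")
        else:    # Startup folder shortcut: "name.lnk = target"
            name, _, command = rest.partition(" = ")
        autoruns.append({"location": match.group("location"),
                         "name": name, "command": command})
    return autoruns


def review_autoruns(autoruns, watch_terms=()):
    """Flag autoruns that launch from a Temp folder or match a watched name."""
    findings = []
    for item in autoruns:
        reasons = []
        if TEMP_DIR.search(item["command"]):
            reasons.append("runs from a Temp folder")
        haystack = (item["name"] + " " + item["command"]).lower()
        for term in watch_terms:
            if term.lower() in haystack:
                reasons.append("matches watch term " + term)
        if reasons:
            findings.append((item["location"], item["name"], reasons))
    return findings


if __name__ == "__main__":
    for location, name, reasons in review_autoruns(
            parse_autoruns(SAMPLE_LOG), watch_terms=["Wildflics"]):
        print(location, name, "; ".join(reasons))
```

On the sample it flags only the TkBellExe entry; nothing in the O4 lines carries the Wildflics name.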


Anonymous
July 14, 2005 3:57:22 AM


"Mike M" <No_Spam@Corned_Beef.Only> wrote in message
news:#$bEw#9hFHA.572@TK2MSFTNGP15.phx.gbl...


Re: "clear your Temp folder and Temporary Internet Files and then run
hijackthis.exe"

Mike - Before running HijackThis, I cleared the c:\temp folder & the
C:\windows\Temporary Internet Files folder.
Should I have also cleared the contents out of these other TEMP folders
before running HijackThis?

OM

*** TEMP FOLDERS on my system ***
C:\temp
C:\WINDOWS\Temporary Internet Files

C:\_RESTORE\TEMP
C:\WINDOWS\TEMP
C:\WINDOWS\SYSTEM\URTTemp
C:\WINDOWS\PCHEALTH\SUPPORT\Temp
C:\WINDOWS\PCHEALTH\HELPCTR\Temp
C:\WINDOWS\TEMP\~msetup\TEMP
C:\WINDOWS\Application Data\Symantec\Norton AntiVirus\Temp
C:\WINDOWS\assembly\temp


> Lots of malware there most carrying the name Norton and Symantec none of
> which works well on PC and perhaps not doing its job of keeping the system
> clean. :-)

What's your suggestion for better protection? I also use the Linksys Router
for its firewall. Does a nice job of keeping the Trojans out.

> Moving on, I'm not sure why you have C:\WINDOWS\SYSTEM\WINOA386.MOD
> running which will appear in Taskman as Winoldap, presumably you have some
> old legacy DOS application running. If not be suspicious but I'm not sure
> how it's being launched.

Is there a safe way to take this out and put it back in, if needed? I run
grep and brief in DOS to edit and search various text (radio log) files. Old
habits are hard to break.

> I don't like O4 - HKLM\..\Run: [TkBellExe]
> :\WINDOWS\TEMP\~rnsetup\RNADMIN\realsched.exe -osboot and can only assume
> that you ran HJT in the middle of an install as nothing should be running
> from the Temp folder. Either that or you've installed RealPlayer to your
> temp folder. This probably also relates to
> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
> http://software-dl.real.com/133e3d36e5a5447f0902/netzip...

Still looking into this one.

OM
Anonymous
July 14, 2005 5:34:34 AM


By default the windows and user temp folder is C:\Windows\Temp. It
appears that you have both this folder and also a C:\Temp, presumably
created by some application you have installed or by yourself if you chose
to alter the default. I would certainly clear the C:\Windows\Temp folder
although it does appear that you have at least one application (part of
real player) running in this folder which is not advisable.

You can safely ignore C:\_RESTORE\TEMP (part of system restore and cannot
be emptied when windows is running), C:\WINDOWS\PCHEALTH\SUPPORT\Temp,
C:\WINDOWS\PCHEALTH\HELPCTR\Temp and C:\WINDOWS\Application
Data\Symantec\Norton AntiVirus\Temp

C:\WINDOWS\SYSTEM\URTTemp and C:\WINDOWS\assembly\temp are both used by
the .NET Framework and would suggest you leave them untouched.

There's no need to worry about C:\WINDOWS\SYSTEM\WINOA386.MOD as long as
you know why it is being launched. It isn't being launched when you boot
Win Me but rather when you first use one of your older apps.

As for a possible alternative to Norton, well the choice is wide, with
virtually any product being better with possibilities ranging from the
free AVG AV application through the likes of AVAST, Computer Associates
ETrust and Panda to NOD32 and Kaspersky. Which depends on the depth of
your pocket. Personally I mainly use eTrust (currently free for the first
year), AVG where the user doesn't want to pay and NOD32 or Kaspersky where
they don't mind paying for peace of mind.
--
Mike Maltby
mike.maltby@gmail.com


Anonymous
July 14, 2005 10:56:38 PM


Forget the forehead - most people see other parts of their anatomy more
often!
<VBEG>

--
Noel Paton (MS-MVP 2002-2005, Windows)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"Shane" <shanebeatson@gmail.com> wrote in message
news:%23fP99X4hFHA.1464@TK2MSFTNGP14.phx.gbl...
>> Don't click on or download files unless you know you want them and the
>> consequences of doing so.
>
> That's concise, Mike! That should perhaps be tattooed on people's
> foreheads when they buy their first computer!
>
>
> Shane
>
Anonymous
July 14, 2005 10:56:39 PM


"Noel Paton" <NoelDPspamless@btopenworld.com> wrote in message
news:e5Soc1JiFHA.3436@tk2msftngp13.phx.gbl...
> Forget the forehead - most people see other parts of their anatomy more
> often!
> <VBEG>
>
> --
> Noel Paton (MS-MVP 2002-2005, Windows)
>
> Nil Carborundum Illegitemi
> http://www.btinternet.com/~winnoel/millsrpch.htm
>
> http://tinyurl.com/6oztj
>
> Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
>
> "Shane" <shanebeatson@gmail.com> wrote in message
> news:%23fP99X4hFHA.1464@TK2MSFTNGP14.phx.gbl...
> >> Don't click on or download files unless you know you want them and the
> >> consequences of doing so.
> >
> > That's concise, Mike! That should perhaps be tattooed on people's
> > foreheads when they buy their first computer!
> >
> >
> > Shane

Gee - that's real helpful. OM
July 14, 2005 10:56:40 PM


"OM" <Nomail@msn.com> wrote in message
news:e1yBe.153339$_o.38495@attbi_s71...
>
> "Noel Paton" <NoelDPspamless@btopenworld.com> wrote in message
> news:e5Soc1JiFHA.3436@tk2msftngp13.phx.gbl...
>> Forget the forehead - most people see other parts of their anatomy more
>> often!
>> <VBEG>
>>
>> --
>> Noel Paton (MS-MVP 2002-2005, Windows)
>>
>> Nil Carborundum Illegitemi
>> http://www.btinternet.com/~winnoel/millsrpch.htm
>>
>> http://tinyurl.com/6oztj
>>
>> Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
>>
>> "Shane" <shanebeatson@gmail.com> wrote in message
>> news:%23fP99X4hFHA.1464@TK2MSFTNGP14.phx.gbl...
>> >> Don't click on or download files unless you know you want them and the
>> >> consequences of doing so.
>> >
>> > That's concise, Mike! That should perhaps be tattooed on people's
>> > foreheads when they buy their first computer!
>> >
>> >
>> > Shane
>
> Gee - that's real helpful. OM
>

Gee - you already got helped, didn't you? Or do you own this thread?


Shane
Anonymous
July 15, 2005 6:15:16 AM

"Mike M" <No_Spam@Corned_Beef.Only> wrote in message
news:#8q1kZNiFHA.1044@tk2msftngp13.phx.gbl...
> USER.DAT is one of the three files that comprise the registry the others
> being CLASSES.DAT and SYSTEM.DAT. USER.DAT contains the HKCU hive and
> should only ever be accessed using an appropriate tool such as regedit and
> even then only by someone who knows what they are doing. For example when
> searching as you did for a file containing the string "wildflics" you will
> have immediately created a string containing "wildflics" in the HKCU hive
> and therefore the USER.DAT. You can prove this for yourself by using
> Windows Explorer to search for a file containing "Rumplestiltskin". The
> only hit will be USER.DAT.
>
> So unfortunately, that you found the string "wildflics" in USER.DAT adds
> nothing to what has gone before. Even less so since you don't mention
> whether AdAware is still finding this dialler.

Yes, AdAware still generates both dialler complaints, and after checking the
deletion boxes, finishing, and immediately re-running AdAware - I get the
two complaints again. ak
Anonymous
July 15, 2005 2:07:42 PM

What feedback did you get when you posted your HJT log to the forum I
suggested since this newsgroup is not really the place to post such logs?
--
Mike Maltby
mike.maltby@gmail.com


OM <Nomail@msn.com> wrote:

> Yes, AdAware still generates both dialler complaints, and after
> checking the deletion boxes, finishing, and immediately re-running
> AdAware - I get the two complaints again. ak
Anonymous
July 15, 2005 3:27:31 PM

"Mike M" <No_Spam@Corned_Beef.Only> wrote in message
news:o qGRqyRiFHA.2424@TK2MSFTNGP09.phx.gbl...
> What feedback did you get when you posted your HJT log to the forum I
> suggested since this newsgroup is not really the place to post such logs?
> --
> Mike Maltby
> mike.maltby@gmail.com

I got a link from the forum to this:

http://castlecops.com/postitle127061-0-0-mprexe.html

"Ad-Aware reports the following as a "dialer" located in 2 registry keys;
HKEY Users\Default and HKEY Local Machine:

Software\Microsoft\Windows\Current Version\Run""""

I went to those registry locations and did not find any such entry. I
re-booted and ran Ad-Aware again...they were still reported...I quarantined
them, ran Ad-Aware again and they were again reported as being at those
locations. That's it, I haven't a clue as to what to try next....hopefully
it's just some sort of aberration and not truly a dialer busily at work. Any
suggestions or explanations?....... Harshale
_________________
You can't spend what you ain't got, ...you can't lose what you ain't never
had "

==========================================

Not much help as to why Ad-Aware is showing the complaint.

I'm trying to get a reply from Lavasoft, but no luck so far.

OM
July 15, 2005 3:33:42 PM

"OM" <Nomail@msn.com> wrote in message
news:D 4NBe.176916$xm3.72591@attbi_s21...
>
> "Mike M" <No_Spam@Corned_Beef.Only> wrote in message
> news:o qGRqyRiFHA.2424@TK2MSFTNGP09.phx.gbl...
>> What feedback did you get when you posted your HJT log to the forum I
>> suggested since this newsgroup is not really the place to post such logs?
>> --
>> Mike Maltby
>> mike.maltby@gmail.com
>
> I got a link from the forum to this:
>
> http://castlecops.com/postitle127061-0-0-mprexe.html
>
> "Ad-Aware reports the following as a "dialer" located in 2 registry keys;
> HKEY Users\Default and HKEY Local Machine:
>
> Software\Microsoft\Windows\Current Version\Run""""
>
> I went to those registry locations and did not find any such entry. I
> re-booted and ran Ad-Aware again...they were still reported...I
> quarantined
> them, ran Ad-Aware again and they were again reported as being at those
> locations. That's it, I haven't a clue as to what to try next....hopefully
> it's just some sort of aberration and not truly a dialer busily at work.
> Any
> suggestions or explanations?....... Harshale
> _________________
> You can't spend what you ain't got, ...you can't lose what you ain't never
> had "
>
> ==========================================
>
> Not much help as to why Ad-Aware is showing the complaint.
>
> I'm trying to get a reply from Lavasoft, but no luck so far.
>

Have you installed the latest Ad-aware def file? Just maybe it's an issue
with the previous one. Obviously, if you haven't installed it yet, you
should anyhow. If the updater doesn't work, download it from the site,
zipped.


Shane
Anonymous
July 15, 2005 6:23:39 PM

Shane <arthursixpence@hotmail.com> wrote:

> Have you installed the latest Ad-aware def file? Just maybe it's an
> issue with the previous one. Obviously, if you haven't installed it
> yet, you should anyhow. If the updater doesn't work, download it from
> the site, zipped.

It certainly looks as if this is simply a false positive that has been
corrected in later definition files.
--
Mike
Anonymous
July 15, 2005 6:23:40 PM

Mike M wrote:
> Shane <arthursixpence@hotmail.com> wrote:
>
>> Have you installed the latest Ad-aware def file? Just maybe it's an
>> issue with the previous one. Obviously, if you haven't installed it
>> yet, you should anyhow. If the updater doesn't work, download it from
>> the site, zipped.
>
>
> It certainly looks as if this is simply a false positive that has been
> corrected in later definition files.

or AdAware reported it then deleted it so it wasn't there when the OP
looked for it.
Anonymous
July 15, 2005 10:08:48 PM

Rick T <plinnane3REMOVE@NOSPAMyahoo.com> wrote:

> or AdAware reported it then deleted it so it wasn't there when the OP
> looked for it.

Unlikely as OM reported AdAware reporting wildflics as still being present
after "removal" in their post made at 02:15 GMT today, 15 July.
--
Mike
Anonymous
July 15, 2005 10:08:49 PM

Mike M wrote:
> Rick T <plinnane3REMOVE@NOSPAMyahoo.com> wrote:
>
>> or AdAware reported it then deleted it so it wasn't there when the OP
>> looked for it.
>
>
> Unlikely as OM reported AdAware reporting wildflics as still being
> present after "removal" in their post made at 02:15 GMT today, 15 July.

second half (unposted) was "and something put it back there", though
that'd mean AA wasn't up-to-date in some manner.
Anonymous
July 15, 2005 11:26:47 PM

"Shane" <arthursixpence@hotmail.com> wrote in message
news:qaNBe.647$s9.541@newsfe3-gui.ntli.net...

> Have you installed the latest Ad-aware def file? Just maybe it's an issue
> with the previous one. Obviously, if you haven't installed it yet, you
> should anyhow. If the updater doesn't work, download it from the site,
> zipped.
>
> Shane

Just loaded Ad-Aware Def file SE1R54 14.07.2005, and guess what?
No complaints!

Thanks Shane & Mike, OM
Anonymous
July 16, 2005 12:38:30 AM

Thanks for the feedback. Whilst comforting for you it's also reassuring
for me as I could see nothing amiss in your HJT log other than that you have
real player installed into your windows\temp folder.
--
Mike Maltby
mike.maltby@gmail.com


OM <Nomail@msn.com> wrote:

> Just loaded Ad-Aware Def file SE1R54 14.07.2005, and guess what?
> No complaints!
>
> Thanks Shane & Mike, OM
Anonymous
July 16, 2005 12:38:31 AM

"Mike M" <No_Spam@Corned_Beef.Only> wrote in message
news:o s6NeSXiFHA.3596@TK2MSFTNGP10.phx.gbl...
> Thanks for the feedback. Whilst comforting for you it's also reassuring
> for me as I could see nothing amiss in your HJT log other than that you have
> real player installed into your windows\temp folder.
> --
> Mike Maltby

Thanks for all the help with this, Mike. I now know more about HJT and
learned how to blog.

I have no idea why real player was in the temp folder. I had it un-installed
before I generated the HJT log - I think. And it should not have been there
for any reason I can think of. Strange things sometimes happen when I run real
player with other programs running at the same time, so I un-installed it
when I started having problems (constant interrupts) running Norton's Disk
Doctor, for instance. For a while, I had to go into protected mode to run
Disk Doctor; it found date stamp errors. Somewhere along the way that
problem went away, and everything seems back to normal now, but I have not
re-loaded real player - yet.

Let me ask more about clearing out the directory C:\WINDOWS\TEMP. There are
a bunch of sub-directories in it, and some of the files I was reluctant to
delete. I have absolutely no idea why CONFIG.SYS is there. (I have one in
the root that I think is the active config.sys when I run DOS - or is it?)
Can all of the files under Windows\temp be safely deleted, and what about all
the files in those sub-directories?

Again - thanks for any suggestions. OM

C:\WINDOWS\TEMP
<DIR> 06-20-00 3:46p ..
VBE <DIR> 11-02-04 9:44a VBE
MSOHTML1 <DIR> 11-07-04 10:19p msohtml1
WORD8 0 <DIR> 11-13-04 12:30p Word8.0
CDDB <DIR> 11-17-04 10:33p Cddb
~EXB0000 <DIR> 12-04-04 11:28a ~EXB0000
ADOBE <DIR> 01-05-05 6:48p Adobe
{FD71A~1 <DIR> 02-04-05 10:17a {FD71A5F8-6D54-48A5-874E-82E10C88F04D}
~EXB0001 <DIR> 03-31-05 5:01p ~EXB0001
_ISTMP0 DIR <DIR> 04-27-05 9:23p _ISTMP0.DIR
FRONTP~1 <DIR> 06-07-05 3:08p FrontPageTempDir
{5A0C8~1 <DIR> 06-08-05 9:31p {5a0c892e-fd1c-4203-941e-0956aed20a6a}
~WKS99~1 <DIR> 06-09-05 7:00p ~WKS99TEMP
~EXB0002 <DIR> 06-19-05 4:14p ~EXB0002
~RNSETUP <DIR> 06-19-05 9:34p ~rnsetup
~DF161B TMP 15,360 07-14-05 8:50a ~DF161B.TMP
~DF125B TMP 15,360 07-14-05 4:13p ~DF125B.TMP
~DFEEA TMP 15,360 07-14-05 7:09p ~DFEEA.TMP
~DF39EE TMP 44,544 07-14-05 7:09p ~DF39EE.TMP
~DFFF16 TMP 15,360 07-14-05 10:22p ~DFFF16.TMP
~DF2906 TMP 15,360 07-15-05 7:10a ~DF2906.TMP
~DF12F0 TMP 15,360 07-15-05 10:58a ~DF12F0.TMP
~DF2A2C TMP 15,360 07-15-05 3:46p ~DF2A2C.TMP
_ISDELET INI 197 07-07-05 2:38p _isdelet.ini
~DFFC45 TMP 15,360 07-13-05 10:16p ~DFFC45.TMP
CONTROL XML 13,164 04-25-05 8:26p control.xml
DOTNETFX LOG 1,188 06-10-05 1:16p dotNetFx.log
CONFIG SYS 45 06-10-05 2:43p CONFIG.SYS
CONFIG~1 SAV 0 06-07-05 11:14p CONFIG.SAV1964
15 file(s) 182,018 bytes
16 dir(s) 4,306.69 MB free
July 16, 2005 1:35:45 AM

"OM" <Nomail@msn.com> wrote in message
news:W5UBe.156430$_o.81283@attbi_s71...
>
> "Shane" <arthursixpence@hotmail.com> wrote in message
> news:qaNBe.647$s9.541@newsfe3-gui.ntli.net...
>
>> Have you installed the latest Ad-aware def file? Just maybe it's an issue
>> with the previous one. Obviously, if you haven't installed it yet, you
>> should anyhow. If the updater doesn't work, download it from the site,
>> zipped.
>>
>> Shane
>
> Just loaded Ad-Aware Def file SE1R54 14.07.2005, and guess what?
> No complaints!
>
> Thanks Shane & Mike, OM

Glad it's sorted out. Though I thought it a long shot at first, I remember a
definition update of 2 or 3 weeks ago, where it was revised within a day or
two, so I wonder if that's the one you had.

Shane