taking the advice of many posters in this section I decided to scan my system with this online scanner as an added security measure (already use McAfee & Norton), as I have been experiencing some unexplained crashes prior to that day (April 18).

( You can skip this into below)
Aside from their confusing site set up, which almost makes you think you have to downlaod their offline scanner -- you don't have to but they hit you on the face with it, when they take your e-mail, I had to read that page three times to figure out which button started the online scanner; sort of a hit & miss scenario uf you are new to that site.

Any way, aside from that, it downloaded something to my HD (Zone Alarm 3 did NOT detect it at High), and it started scanning my HD which has 10 Gigs of recorded data. More than one hour later @100Kbps isdn it was still going until it reached somewhere over 50,000 files -- it hung there forever.

So I had it with that session that went no where and I closed the scanner & browser; which made my system crash.

When I rebooted every time I clicked any program icon it wont start , it would just bring the properties dialog.

I decided to restart in Safemode to let windows repair itself. Whn I did this I was shocked to discover that my Safemode Windows started crashing & giving me the Blue Screen of Death:
Fatal Exception 0E at 015F:BFF9DC4B

after I pressed a key, I got yet another white error box:
Explorer has caused an invalid page fault

pressed OK,
then the same Blue Screen of Death again,

pressed a key and the same white box error for Explorer reappears!!!

then it windows just hung there with no mouse or keyboard respose.

So I did a Kevorkian "pull the plug" response. Restarted and selected safe mode...
now this time every thing went fine(No errors).

I restarted a third time in Normal mode and windows seemed to have fixed itself --finally!.

( The meat About Housecall)
this was on Apr 18 , 4 days ago, due to something inflicted on my system by Trend's Housecall.

ever since that date, I noticed my ZA warnings about direct FTP attempts have sky rockted. Which is not the kind of usual warnings ZA gives me with my surfing habits.

So yesterday I decided to do a routine clean-up of my Windows dir. just in case.
Just imagine my surprise to find a strange bogger called "Patch.exe" (122KB) in there, which brings flashbacks of the Netbus trojan server. By checking the properties I realized this is the file Trend Housecall dropped on my system undetected.

What a surprise; now we have supposed Antivirus security companies using unauthorized virus-like server files with suspicious names (like Patch.exe = a name associated with netbus trojan) WITHOUT INFORMING THE USER IN ANY SHAPE OR FORM.

So all of you out there who have used Housecall , you have a secret little FTP server on your system, that NOBODY TOLD YOU ABOUT!.

I deleted mine of course , and now 48 hours later I did not get evenn a single FTP warning or attmpt .... why do you think that is .

Of course, my gut feeling is that Patch.exe (Trend Antivirus) was the one flashing its port butt to every idiot scanning for FTP servers out there.

Trend Micro House Call really is above suspicion.
It is extremely widely used, made by a reputable company, and a great tool.

If it were to be engaged in anything illegal, it would surely be known by now.

It does plonk an incredible amount of junk on your computer, which it unfortunately fails to remove after the act.

It ought to provide people with an uninstaller.

Here's an install log. Be prepared to be amazed, and have fun...:

Installation Report: (two-phase mode)Installation Report: (two-phase mode)
Generated by InCtrl5, version 1.0.0.0
Install program:
1-13-2002 11:07 PM
Contents
Registry
Disk Contents
Ini Files
Text Files



Registry
Keys ignored: 0
(none)
Keys added: 51
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Control
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Implemented
Categories
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Implemented
Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Implemented
Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Insertable
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\MiscStatus
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\MiscStatus\1
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\ProgID
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\ToolboxBitmap32
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Version
HKEY_CLASSES_ROOT\CLSID\{FE8287EA-5F43-11D3-ABCA-00105A5C1F46}
HKEY_CLASSES_ROOT\CLSID\{FE8287EA-5F43-11D3-ABCA-00105A5C1F46}\InprocServer32
HKEY_CLASSES_ROOT\Interface\{7D0CAEAB-2D0B-11D2-8010-00104B690DCF}
HKEY_CLASSES_ROOT\Interface\{7D0CAEAB-2D0B-11D2-8010-00104B690DCF}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{7D0CAEAB-2D0B-11D2-8010-00104B690DCF}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{7D0CAEAB-2D0B-11D2-8010-00104B690DCF}\TypeLib
HKEY_CLASSES_ROOT\Interface\{FE8287E7-5F43-11D3-ABCA-00105A5C1F46}
HKEY_CLASSES_ROOT\Interface\{FE8287E7-5F43-11D3-ABCA-00105A5C1F46}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{FE8287E7-5F43-11D3-ABCA-00105A5C1F46}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{FE8287E7-5F43-11D3-ABCA-00105A5C1F46}\TypeLib
HKEY_CLASSES_ROOT\Interface\{FE8287E8-5F43-11D3-ABCA-00105A5C1F46}
HKEY_CLASSES_ROOT\Interface\{FE8287E8-5F43-11D3-ABCA-00105A5C1F46}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{FE8287E8-5F43-11D3-ABCA-00105A5C1F46}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{FE8287E8-5F43-11D3-ABCA-00105A5C1F46}\TypeLib
HKEY_CLASSES_ROOT\TypeLib\{FE8287E6-5F43-11D3-ABCA-00105A5C1F46}
HKEY_CLASSES_ROOT\TypeLib\{FE8287E6-5F43-11D3-ABCA-00105A5C1F46}\1.0
HKEY_CLASSES_ROOT\TypeLib\{FE8287E6-5F43-11D3-ABCA-00105A5C1F46}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{FE8287E6-5F43-11D3-ABCA-00105A5C1F46}\1.0\0\win32
HKEY_CLASSES_ROOT\TypeLib\{FE8287E6-5F43-11D3-ABCA-00105A5C1F46}\1.0\FLAGS
HKEY_CLASSES_ROOT\TypeLib\{FE8287E6-5F43-11D3-ABCA-00105A5C1F46}\1.0\HELPDIR
HKEY_CLASSES_ROOT\XSCAN.XscanCtrl.2
HKEY_CLASSES_ROOT\XSCAN.XscanCtrl.2\CLSID
HKEY_CLASSES_ROOT\XSCAN.XscanCtrl.2\Insertable
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Contains
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Contains\Files
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\DownloadInformation
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\InstalledVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Downloaded
Program Files/xscan53.ocx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/loadhttp.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/patchw32.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/SYSTEM/mfc42.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/SYSTEM/msvcrt.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/TmUpdate.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/tmupdate.ini
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Tsc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Tsc.ini
HKEY_LOCAL_MACHINE\Software\Symantec\IAM\HTTPConfi g\Sites\antivirus.com
Values added: 86
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61} "(Default)"
Type: REG_SZ
Data: HouseCall Besturing
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Control
"(Default)"
Type: REG_SZ
Data:
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\InprocServer32
"(Default)"
Type: REG_SZ
Data: C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\InprocServer32
"ThreadingModel"
Type: REG_SZ
Data: Apartment
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Insertable
"(Default)"
Type: REG_SZ
Data:
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\MiscStatus
"(Default)"
Type: REG_SZ
Data: 0
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\MiscStatus\1
"(Default)"
Type: REG_SZ
Data: 131473
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\ProgID
"(Default)"
Type: REG_SZ
Data: XSCAN.XscanCtrl.2
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\ToolboxBitmap32
"(Default)"
Type: REG_SZ
Data: C:\WINDOWS\DOWNLO~1\XSCAN53.OCX, 1
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\TypeLib
"(Default)"
Type: REG_SZ
Data: {FE8287E6-5F43-11D3-ABCA-00105A5C1F46}
HKEY_CLASSES_ROOT\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Version
"(Default)"
Type: REG_SZ
Data: 1.0
HKEY_CLASSES_ROOT\CLSID\{FE8287EA-5F43-11D3-ABCA-00105A5C1F46} "(Default)"
Type: REG_SZ
Data: Xscan Eigenschappenpagina
HKEY_CLASSES_ROOT\CLSID\{FE8287EA-5F43-11D3-ABCA-00105A5C1F46}\InprocServer32
"(Default)"
Type: REG_SZ
Data: C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
HKEY_CLASSES_ROOT\Interface\{7D0CAEAB-2D0B-11D2-8010-00104B690DCF} "(Default)"
Type: REG_SZ
Data: IEnumParam
HKEY_CLASSES_ROOT\Interface\{7D0CAEAB-2D0B-11D2-8010-00104B690DCF}\ProxyStubClsid
"(Default)"
Type: REG_SZ
Data: {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7D0CAEAB-2D0B-11D2-8010-00104B690DCF}\ProxyStubClsid32
"(Default)"
Type: REG_SZ
Data: {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7D0CAEAB-2D0B-11D2-8010-00104B690DCF}\TypeLib
"(Default)"
Type: REG_SZ
Data: {FE8287E6-5F43-11D3-ABCA-00105A5C1F46}
HKEY_CLASSES_ROOT\Interface\{7D0CAEAB-2D0B-11D2-8010-00104B690DCF}\TypeLib
"Version"
Type: REG_SZ
Data: 1.0
HKEY_CLASSES_ROOT\Interface\{FE8287E7-5F43-11D3-ABCA-00105A5C1F46} "(Default)"
Type: REG_SZ
Data: _DXscan
HKEY_CLASSES_ROOT\Interface\{FE8287E7-5F43-11D3-ABCA-00105A5C1F46}\ProxyStubClsid
"(Default)"
Type: REG_SZ
Data: {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{FE8287E7-5F43-11D3-ABCA-00105A5C1F46}\ProxyStubClsid32
"(Default)"
Type: REG_SZ
Data: {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{FE8287E7-5F43-11D3-ABCA-00105A5C1F46}\TypeLib
"(Default)"
Type: REG_SZ
Data: {FE8287E6-5F43-11D3-ABCA-00105A5C1F46}
HKEY_CLASSES_ROOT\Interface\{FE8287E7-5F43-11D3-ABCA-00105A5C1F46}\TypeLib
"Version"
Type: REG_SZ
Data: 1.0
HKEY_CLASSES_ROOT\Interface\{FE8287E8-5F43-11D3-ABCA-00105A5C1F46} "(Default)"
Type: REG_SZ
Data: _DXscanEvents
HKEY_CLASSES_ROOT\Interface\{FE8287E8-5F43-11D3-ABCA-00105A5C1F46}\ProxyStubClsid
"(Default)"
Type: REG_SZ
Data: {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{FE8287E8-5F43-11D3-ABCA-00105A5C1F46}\ProxyStubClsid32
"(Default)"
Type: REG_SZ
Data: {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{FE8287E8-5F43-11D3-ABCA-00105A5C1F46}\TypeLib
"(Default)"
Type: REG_SZ
Data: {FE8287E6-5F43-11D3-ABCA-00105A5C1F46}
HKEY_CLASSES_ROOT\Interface\{FE8287E8-5F43-11D3-ABCA-00105A5C1F46}\TypeLib
"Version"
Type: REG_SZ
Data: 1.0
HKEY_CLASSES_ROOT\TypeLib\{FE8287E6-5F43-11D3-ABCA-00105A5C1F46}\1.0 "(Default)"
Type: REG_SZ
Data: xscan OLE Control module
HKEY_CLASSES_ROOT\TypeLib\{FE8287E6-5F43-11D3-ABCA-00105A5C1F46}\1.0\0\win32
"(Default)"
Type: REG_SZ
Data: C:\WINDOWS\DOWNLOADED PROGRAM FILES\XSCAN53.OCX
HKEY_CLASSES_ROOT\TypeLib\{FE8287E6-5F43-11D3-ABCA-00105A5C1F46}\1.0\FLAGS
"(Default)"
Type: REG_SZ
Data: 2
HKEY_CLASSES_ROOT\TypeLib\{FE8287E6-5F43-11D3-ABCA-00105A5C1F46}\1.0\HELPDIR
"(Default)"
Type: REG_SZ
Data: C:\WINDOWS\DOWNLOADED PROGRAM FILES
HKEY_CLASSES_ROOT\XSCAN.XscanCtrl.2 "(Default)"
Type: REG_SZ
Data: HouseCall Besturing
HKEY_CLASSES_ROOT\XSCAN.XscanCtrl.2\CLSID "(Default)"
Type: REG_SZ
Data: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
HKEY_CLASSES_ROOT\XSCAN.XscanCtrl.2\Insertable "(Default)"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61} "Installer"
Type: REG_SZ
Data: MSICD
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61} "SystemComponent"
Type: REG_DWORD
Data: 00, 00, 00, 00
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Contains\Files
"C:\WINDOWS\Downloaded Program Files\xscan53.ocx"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Contains\Files
"C:\WINDOWS\loadhttp.dll"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Contains\Files
"C:\WINDOWS\patchw32.dll"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Contains\Files
"C:\WINDOWS\SYSTEM\mfc42.dll"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Contains\Files
"C:\WINDOWS\SYSTEM\msvcrt.dll"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Contains\Files
"C:\WINDOWS\TmUpdate.dll"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Contains\Files
"C:\WINDOWS\tmupdate.ini"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Contains\Files "C:\WINDOWS\Tsc.exe"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\Contains\Files "C:\WINDOWS\Tsc.ini"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\DownloadInformation "CODEBASE"
Type: REG_SZ
Data:
http://a840.g.akamai.net/7/840/537/20011223/housecall.antivirus.com/housecall/xscan53.cab
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\DownloadInformation "INF"
Type: REG_SZ
Data: C:\WINDOWS\Downloaded Program Files\xscan.inf
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\InstalledVersion "(Default)"
Type: REG_SZ
Data: 5,50,0,1650
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\InstalledVersion "LastModified"
Type: REG_SZ
Data: Wed, 19 Dec 2001 06:58:50 GMT
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Downloaded
Program Files/xscan53.ocx ".Owner"
Type: REG_SZ
Data: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Downloaded
Program Files/xscan53.ocx "{74D05D43-3236-11D4-BDCD-00C04F9A3B61}"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/loadhttp.dll
".Owner"
Type: REG_SZ
Data: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/loadhttp.dll
"{74D05D43-3236-11D4-BDCD-00C04F9A3B61}"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/patchw32.dll
".Owner"
Type: REG_SZ
Data: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/patchw32.dll
"{74D05D43-3236-11D4-BDCD-00C04F9A3B61}"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/SYSTEM/mfc42.dll
".Owner"
Type: REG_SZ
Data: Unknown Owner
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/SYSTEM/mfc42.dll
"{74D05D43-3236-11D4-BDCD-00C04F9A3B61}"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/SYSTEM/msvcrt.dll
".Owner"
Type: REG_SZ
Data: Unknown Owner
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/SYSTEM/msvcrt.dll
"{74D05D43-3236-11D4-BDCD-00C04F9A3B61}"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/TmUpdate.dll
".Owner"
Type: REG_SZ
Data: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/TmUpdate.dll
"{74D05D43-3236-11D4-BDCD-00C04F9A3B61}"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/tmupdate.ini
".Owner"
Type: REG_SZ
Data: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/tmupdate.ini
"{74D05D43-3236-11D4-BDCD-00C04F9A3B61}"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Tsc.exe
".Owner"
Type: REG_SZ
Data: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Tsc.exe
"{74D05D43-3236-11D4-BDCD-00C04F9A3B61}"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Tsc.ini
".Owner"
Type: REG_SZ
Data: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Tsc.ini
"{74D05D43-3236-11D4-BDCD-00C04F9A3B61}"
Type: REG_SZ
Data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDLLs
"C:\WINDOWS\Downloaded Program Files\xscan53.ocx"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDLLs
"C:\WINDOWS\loadhttp.dll"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDLLs
"C:\WINDOWS\patchw32.dll"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDLLs
"C:\WINDOWS\TmUpdate.dll"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDLLs
"C:\WINDOWS\tmupdate.ini"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDLLs
"C:\WINDOWS\Tsc.exe"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDLLs
"C:\WINDOWS\Tsc.ini"
Type: REG_DWORD
Data: 01, 00, 00, 00
Values changed: 2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDLLs
"C:\WINDOWS\SYSTEM\MFC42.DLL"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 07, 00, 00, 00
New data: 08, 00, 00, 00
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDLLs
"C:\WINDOWS\SYSTEM\MSVCRT.DLL"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 0B, 00, 00, 00
New data: 0C, 00, 00, 00
To Contents



Disk contents
Drives tracked: 1
c:\
Folders added: 3
c:\WINDOWS\AUBackup
c:\WINDOWS\AUBin
c:\WINDOWS\TEMP\XScanResult
Files added: 31
c:\AUTOEXEC.CAM
Date: 1-13-2002 7:16 PM
Size: 357 bytes
c:\WINDOWS\AuData.txt
Date: 10-8-1999 4:25 PM
Size: 27 bytes
c:\WINDOWS\BPM95.dll
Date: 10-25-2001 7:56 PM
Size: 47.104 bytes
c:\WINDOWS\loadhttp.dll
Date: 2-12-2001 5:20 PM
Size: 77.824 bytes
c:\WINDOWS\lpt$vpn.199
Date: 1-9-2002 6:53 PM
Size: 5.046.416 bytes
c:\WINDOWS\MEMBOOT.DLL
Date: 10-28-1998 4:00 PM
Size: 25.600 bytes
c:\WINDOWS\PATCH.EXE
Date: 1-13-2002 10:57 PM
Size: 122.937 bytes
c:\WINDOWS\patchw32.dll
Date: 12-8-1999 12:57 PM
Size: 164.864 bytes
c:\WINDOWS\TmUpdate.dll
Date: 2-12-2001 5:21 PM
Size: 221.247 bytes
c:\WINDOWS\tmupdate.ini
Date: 1-13-2002 10:57 PM
Size: 261 bytes
c:\WINDOWS\Tsc.exe
Date: 12-17-2001 10:50 AM
Size: 194.843 bytes
c:\WINDOWS\Tsc.ini
Date: 1-13-2002 10:58 PM
Size: 615 bytes
c:\WINDOWS\TSC.LOG
Date: 1-13-2002 10:58 PM
Size: 143 bytes
c:\WINDOWS\UNZIP.DLL
Date: 1-13-2002 10:57 PM
Size: 49.209 bytes
c:\WINDOWS\VPTNFILE.199
Date: 1-9-2002 6:53 PM
Size: 5.046.416 bytes
c:\WINDOWS\vsapi32.dll
Date: 10-25-2001 7:56 PM
Size: 794.112 bytes
c:\WINDOWS\ZLIB.DLL
Date: 1-13-2002 10:57 PM
Size: 69.687 bytes
c:\WINDOWS\Application Data\Thornsoft
Development\ClipMate5\Short-Term\D11057.DAT
Date: 1-13-2002 10:58 PM
Size: 16.153 bytes
c:\WINDOWS\AUBin\AUAction.dll
Date: 7-23-1999 10:53 AM
Size: 129.536 bytes
c:\WINDOWS\AUBin\patch.exe
Date: 1-13-2002 10:57 PM
Size: 122.937 bytes
c:\WINDOWS\AUBin\patch.ini
Date: 1-13-2002 10:58 PM
Size: 441 bytes
c:\WINDOWS\AUBin\Patch.lst
Date: 1-13-2002 10:58 PM
Size: 138 bytes
c:\WINDOWS\AUBin\patchDLL.ini
Date: 7-23-1999 1:46 PM
Size: 116 bytes
c:\WINDOWS\AUBin\Patchdmp.txt
Date: 1-13-2002 10:58 PM
Size: 1.831 bytes
c:\WINDOWS\AUBin\unzip.dll
Date: 1-13-2002 10:57 PM
Size: 49.209 bytes
c:\WINDOWS\AUBin\zlib.dll
Date: 1-13-2002 10:57 PM
Size: 69.687 bytes
c:\WINDOWS\Downloaded Program Files\xscan.inf
Date: 12-19-2001 9:46 AM
Size: 1.805 bytes
c:\WINDOWS\Downloaded Program Files\xscan53.ocx
Date: 12-19-2001 9:51 AM
Size: 373.248 bytes
c
To Contents



INI file
Ini files tracked: 4
C:\msdos.sys
c:\windows\control.ini
c:\windows\system.ini
c:\windows\win.ini
To Contents



Text file
Text files tracked: 2
C:\autoexec.bat
C:\config.sys
To Contents



InCtrl5, Copyright © 2000 by Ziff Davis Media, Inc.
Written by Neil J. Rubenking
First published in PC Magazine, December 5, 2000.

do we have a translator for this one

Click here (http://www.zdnet.de/itsupport/virencenter/news/2002/03/20020314zd_01-wc.html)




Thanks
Mac!!!

This Is just my opinion
So if it stinks wait for another one
Cause I'm no expert

<a target="_blank" href=http://www.antivirus.com/pc-cillin/vinfo/virusencyclo/default5.asp?VName=WORM_FBOUND.B>yes we do</a>

However, House Call also installs a Patch.exe file, wich is why I was wrongfooted.

This file of yours may be the virus from the article, or it may be totally unrelated and a different b*gger.

Tony
thanks for the detailed analysis there , it does provide a lot of info about Housecall's dirty laundry.
Even though their scanner may be harmless compared to a real trojan or virus but it really is another "system spamming utility" as long as it does not clean up after itself ; or offers the user the option at least.
In this case the user didn't even get a notice that permenant changes were to be made , and that some files have the same name as a couple of trojans out there --this at minimum should have been made clear to the user to avoid confusion.
The other side of this argument is; why would Trend use such a suspicious name as "patch.exe" for the file instead calling it by their name (i.e. Trendscan.exe etc...).

And even if we assume the file name was fine, that still doesn't explain the frequent FTP attempts that were brought to a halt by removing just this file. I am not a networking expert but it must have been keeping my FTP port listening and visible to every scanner hopping thru my ip range. So it caught their attention and they gave it a shot.

I admit I have not been good with words in my previous message , and may have had things mixed up, but I have no doubt that Trend's Patch.exe was the one responsible for my troubles.

I have nothing against Trend, I think they are a good company, but this is not the way to do business ... they will loose potential customers that way until this is taken care of.

I for one would prefer paying money for a reasonable scanner that does not put junk on my system, rather than use a rock-solid free scanner that modifies my system and leaves junk all over .

Finally, I would like to remind the people of the PC-Celin vs CIH virus fiasco. PC Celin did not prevent that virus from doing the deed until it became widespread around the world. Then they came up with a patch....

Give me a break, guys! What do you expect, when you download a virus scanner?? Hopefully, it will take more than a few files to scan your entire PC for viruses. At least, I sure hope so.

The first scan only, is when it downloads all the files it needs. After the first visit, it downloads updates, etc. and only takes a short time. I've NEVER heard anyone complain that Trend's online scan caused problems...until now that is.

It's the most highly recommended online AV scan, because it's more thorough and reliable than others. That's the site ppl. are usually directed to when there's a suspicion they may have a virus.

I use it all the time, and I saw no difficulty getting to the scanner or anything like you mentioned, such as poppin' in your face, etc. I used to spend a lot of time on an AV forum, and I never saw one complaint.

This takes you right where you need to go:
Housecall Virus scan
http://housecall.antivirus.com/

It's been a godsend to a lot of people. I've gone to another website, and it only scanned half as many files as this one.

I'm sorry, but it's getting bad when we get suspicious of a good AV site...

Carol

well it didn't crash on your PC, it crashed on mine, thus I am entitled to my own opinion. I do not expect people to agree with me when I post some thing. Only to let others know what my experience was ... they can make up their own mind.
I also hope this discussion catches the attention of Trend to improve their product handling of this left over junk issue. At least they ought to give the user a list of the files that have been modified so the user could restore those manually at a later time if a problem shows up.

<blockquote><font class="small">In reply to:</font><hr>

Give me a break, guys! What do you expect, when you download a virus scanner??

<hr></blockquote>

Carol,

I would expect them to provide an uninstaller, instead of cluttering your hard drive to such an extent without telling you.

As I said, I have no trouble with Trend Micro itself.

That's the way those online scans work. There are a lot of files left behind. Those trial AV programs install tons of extra garbage....but they're much worse.

Really, when you think about it, it's not a typical program, so what's to uninstall? It's not listed in Add/Remove.

I have an older comp, and I don't have any problems, because of those files on my hard drive. I clear out the temps created, and just don't worry about the rest. They're there for the next time I do a scan...

Later,
Carol

Carol,

I don't see your point:

It is exactly like any typical program, in that it adds a lot of stuff to your registry (among other things), but on the other hand it doesn't have the good manners to provide an uninstaller.

Of course it isn't listed in the Software list, but at least Trend Micro could provide a record of files and registry keys added, or offer an uninstaller to be downloaded separately.

The fact that other programs could possibly be worse is neither here nor there.

I'm interested in keeping my registry as trim as I possibly can, and so should you : it's of major importance if you'd like to keep your computer from getting sluggish.

Tony,

I guess we just look at it differently. My saying it isn't a typical program, meant, "I did not install it" like a regular program...I only downloaded the files for the scan.

I have files in my registry for other programs, and I'll use them again, so....

I do keep my registry clean, but I don't remove things that will be used again. Anyway, I guess to me, the good outweighs the bad, in this case. I think it's great just to be able to get a free online scan.

Take care,
Carol

Tony,

I understand your point completely, but you were provided with a dialog box asking your permission, weren't you?

Basically the same as Shockwave and/or Flash "install". The C:\WINDOWS\Downloaded Program Files directory has long baffled me. I don't understand why these controls (ocx's) can't be installed normally in the c:\windows\system directory. You can't unrgister them in the normal way.

When I read the Incontrol report, you see that ALL "installs" of this type end up here:
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage

and

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDLLs

To get rid of this type of "insallation", you need to go to the C:\WINDOWS\Downloaded Program Files directory, right-click on the entries, and choose Remove. Now you know that any novice user will not know or understand this, so the junk accumulates. But that doesn't usually remove everything either, you have to manually delete the entries under the HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution
Units key.

That's why I disapprove of this type of "installation". I mean, look at the other junk that accumulates here...All kinds of Chat, Games, Comet Cursor, Gator, those "dialers", etc.

Personaly, I'd never use the online scan feature due to these reasons.

When things really go wrong with these type of "installs", you end up with a totally hidden directory named conflict.1 under the C:\WINDOWS\Downloaded Program Files directory. To check for this, go to Start&gt;Programs&gt;MS-DOS Prompt and type the following:

At the C:\WINDOWS&gt; prompt:

cd downlo~1 &lt;and hit Enter&gt;

C:\WINDOWS\Downloaded Program Files&gt;

dir &lt;and hit Enter&gt;

Post back with the list. click the Mark button, then select the test, then open Notepad and paste the text into it.

Now type:
cd conflict.1 &lt;and hit Enter&gt;

If you get an invalid directory response, that's good. If you don't, you need to go to pure DOS and delete all the extra "damaged" entries. This is why I keep the old Doshell program from Windows 3.11. It's so easy to navigate the directories

I'll bet you many people have this on their computer, and will never no. I'll also bet that it can cause so much damage, that people have had to re-install or reformat their hard drive and re-install Windows.

<font color=red>I'm asking anyone who reads this to take the challange and see what they find and post back with the results.</font color=red>

reghakr

Reghakr,

You bet I was provided with a dialog box asking permission, but it didn't tell me what it wanted permission for... LOL

However, I had a hunch I'd better run InCtrl5 in order to track it.

I hate it when unneeded data are added to my registry and not knowing what exactly they are, and whether they might possible create problems or conflicts.

This downloaded program files folder is bizarre indeed.

I noticed that Windows Commander shows all files revealed at a Dos prompt, while Windows Explorer hides a third of them, even with 'show all files' checked, incidentally.

There are a couple other Explorer Replacements that view the directory in it's true form. One is freeware named <a target="_blank" href=http://www.totalshareware.com/asp/detail_view.asp?application=24638>EF Commander Lite</a>

Another freeware:
<a target="_blank" href=http://www.geocities.com/TeamMukippe/index_eng/index_eng.htm>File master Pro</a>

At one time I had a whole list, I'll have to look for it.
Here's another, but it's shareware:

http://www.totalshareware.com/asp/list_view.asp?catid=317 (http://www.totalshareware.com/asp/detail_view.asp?application=843>Halworks</a>

For)

reghakr

thanks reghakr
It can be accessed on the fly from the TIF &gt;Settings&gt;View Objects as well.

I did not get any dialog asking my permission with HC scan , I am sure.

What do you think of PowerDesk 4, my favorite one.

I really llike PowerDesk. I purchased 4.0 for $9.95 through a special magazine offer. Then I just upgraded to PowerDesk Pro 5.0 With all the Quick View Plus Viewers , it's worth it.

If you didn't get a dialog box, go to Tools&gt;Internet Options, click the Security tab, then the Custom Level button and make sure Prompt is checked under "Download signed ActiveX Controls.

reghakr

Reghakr,

I like challenges...I've gotten rid of quite a few of those ActiveX controls along the way, but this is what I came up with.

PAV DLL 40,960 10-11-01 9:17a PAV.dll
PCPAV INF 684 10-11-01 9:10a PCPAV.inf
PCDRCOM DLL 40,960 07-25-01 3:50p pcdrCom.dll
PCDRCOM INF 1,160 07-19-01 9:37a PCDrCom.inf
RUFSI DLL 102,800 03-19-01 6:13p rufsi.dll
RATECHK DLL 57,816 07-13-00 4:21p ratechk.dll
BVINETIO DLL 86,488 07-13-00 4:21p bvinetio.dll
CABSA INF 564 03-19-01 6:14p CabSA.inf
XSCAN53 OCX 373,248 12-19-01 9:51a xscan53.ocx
XSCAN INF 1,805 12-19-01 9:46a xscan.inf
NAVAPI VXD 6,854 01-12-00 4:07p navapi.vxd
NAVAPI32 DLL 208,896 01-12-00 3:53p navapi32.dll
AVSNIFF DLL 131,072 08-03-01 4:48p avsniff.dll
AVSNIFF INF 626 08-03-01 4:47p AvSniff.inf
ERMA INF 1,268 12-12-01 12:38p erma.inf
MICROS~1 OSD 1,162 01-20-00 3:25p Microsoft XML Parser for Java.osd
UCREN-US DLL 22,800 10-28-01 8:15p UCRen-us.dll
MSNUPLD DLL 211,552 11-02-01 12:14p MsnUpld.dll
MSNUPLD INF 406 10-28-01 7:28p MsnUpld.inf
MAILCFG DLL 71,088 11-20-00 6:04p MailCfg.dll
SWFLASH INF 4,278 03-11-02 5:13p swflash.inf
45 file(s) 5,248,292 bytes
2 dir(s) 661,291,008 bytes free

C:\WINDOWS\Downloaded Program Files&gt;

Carol

I have things either enabled or disabled, but no prompts because it gets reall annoying specially while reading forum messages ...

by the way, regarding the Downloaded Program Files folder, Lop.com & 3rd voice have been known to drop in there!

(not to be confused with normally downloaded files folders by newbie internet surfers.)

Carol,

I had Rufsi.dll, Ratechk.dll, and bvinetio.dll (rather like the 3 Musketeers, don't you think ;)) myself as well, but got rid of them as, after looking for them in the registry, they turned out to belong to a previous Norton installation.
Afterwards, RegClean found a host of orphaned Registry keys and values belonging to those three items, so if you decide to get rid of them, why not run the program: if you use it regularly, you do help preventing your Registry from becoming too big.

I do go over them every now and then and get rid of what I'm certain isn't needed any more.

This is my list:

IKCNTRLS INF 319 26-03-97 12:48 IKCNTRLS.INF
ACTSETUP INF 347 24-10-01 18:29 actsetup.inf
INTERN~1 OSD 562 16-04-99 4:30 Internet Explorer Classes for Java.osd
DIRECT~1 OSD 697 14-10-97 18:52 DirectAnimation Java Classes.osd
IETIMER INF 392 16-10-96 19:02 ietimer.INF
IETIMER OCX 69.392 16-10-96 9:26 ietimer.ocx
IKMENU OCX 26.112 27-03-97 8:37 ikmenu.ocx
MICROS~1 OSD 1.162 20-01-00 15:25 Microsoft XML Parser for Java.osd
OPUC INF 226 11-09-01 17:55 opuc.inf
QTPLUGIN INF 214 21-09-01 15:01 QTPlugin.inf
WUCORPCT INF 223 31-08-00 22:59 wucorpct.inf
ERMA INF 1.268 12-12-01 12:38 erma.inf
GOOGLE~2 DLL 397.312 25-02-02 18:51 GoogleToolbar_en_1.1.54-deleon.dll
SWFLASH INF 4.278 11-03-02 17:13 swflash.inf
QUICKT~1 QDA 4.710.058 23-04-02 23:32 QuickTimeInstallCache.qdat

Other things may possibly go as well, but none of them seem to be creating conflicts.
The Quicktime qdat file's huge, by the way, and is a
recent addition.

Windows tells me the Google ActiveX element is 'damaged', but its status doesn't change if I remove it, uninstall the Google toolbar and reinstall it again.

No problems though, so I tend to leave it at that.

Carol,

The only ones familiar to me are:
NAVAPI VXD=Norton AV
NAVAPI32 DLL=Norton AV
ERMA INF=Shockwave 8.5 Installer Cab File
MICROS~1 OSD=Microsoft XML Parser for Java
SWFLASH INF=Shockwave flash Installer

The others...NO CLUE

Did you try cd conflict.1?

reghakr

Tony,

I had posted what showed 'before' removing anything in the list, so as not to cheat. /images/forums/icons/laugh.gif I thought that was the idea?

I have since removed PC Pitstop diag. ActiveX and a couple others.

Carol

Reghakr,

I had checked the properties on each one. There were a couple referring to PC Pitstop online diagnostics. Also, one is Windows Update Engine? I didn't know that would be in there. One is MSN Upload Control. I use MSN Explorer and had downloaded an update. Plus, I have a Mail Configure Class.

Carol

I still have the files from Housecall's Online Scan, then I don't have to go through the long download next time. Btw, I only have 7 ActiveX Controls now, the orginal post I had 11.

VIRSCAN8 DAT 440,006 12-13-01 1:00a virscan8.dat
VIRSCAN9 DAT 334,631 12-13-01 1:00a virscan9.dat
ZDONE DAT 224 12-13-01 1:00a zdone.dat
VIRSCAN INF 106,236 12-13-01 1:00a virscan.inf
SCRAUTH DAT 42,752 12-13-01 1:00a scrauth.dat
TINF DAT 453 12-13-01 1:00a tinf.dat
TINFIDX DAT 148 12-13-01 1:00a tinfidx.dat
TINFL DAT 1,957 12-13-01 1:00a tinfl.dat
TSCAN1 DAT 4,792 12-13-01 1:00a tscan1.dat
TSCAN1HD DAT 1,179 12-13-01 1:00a tscan1hd.dat
SYMAVENG INF 925 12-13-01 1:00a symaveng.inf
SYMAVENG CAT 7,485 12-13-01 1:00a symaveng.cat
XSCAN53 OCX 373,248 12-19-01 9:51a xscan53.ocx
XSCAN INF 1,805 12-19-01 9:46a xscan.inf
ERMA INF 1,268 12-12-01 12:38p erma.inf
MICROS~1 OSD 1,162 01-20-00 3:25p Microsoft XML Parser for Java.osd
UCREN-US DLL 22,800 10-28-01 8:15p UCRen-us.dll
MSNUPLD DLL 211,552 11-02-01 12:14p MsnUpld.dll
MSNUPLD INF 406 10-28-01 7:28p MsnUpld.inf
MAILCFG DLL 71,088 11-20-00 6:04p MailCfg.dll
SWFLASH INF 4,278 03-11-02 5:13p swflash.inf

I forgot to answer your question. Yes, I tried the cd conflict.1. No conflicts....

OK Reghakr,
I think I found a bees nest under there.
Most of the names listed seem familiar to me but there are some I can't figure out to what plug-in they belong. You will notice the "conflict.1" folder is already listed.
If any one knows/ wants to take a shot at identifying some of these; be my guest:

WIN32C~1 OSD 519 10-15-97 2:55p Win32 Classes.osd
CONFLICT 1 &lt;DIR&gt; 03-12-02 6:20a CONFLICT.1
a 3vicd.inf01:4 09-27-99 600,3VICD INF 14
QTPLUGIN INF 214 09-21-01 3:01p QTPlugin.inf
p Microsoft XML Parser for Java.osd25:3 01-20-00 162,MICROS~1 OSD 1
p swflash.inf46:1 11-27-00 286,SWFLASH INF 4
a Download_Plugin.exe35:10 03-07-02 920,DOWNLO~1 EXE 102
DIRECT~1 OSD 697 10-14-97 6:52p DirectAnimation Java Classes.osd
ACTSETUP INF 347 10-24-01 5:45p actsetup.inf
a pertauto.inf33:10 03-21-97 074,PERTAUTO INF 1
LIGHT GIF 245 12-27-99 11:09a light.gif
a logo.gif35:10 02-08-00 119,LOGO GIF 2
O_WEBS~1 HTM 779 01-20-00 7:14p o_website_empty.html
p o_topnav.html26:7 01-26-00 021,O_TOPN~1 HTM 1
O_TITL~1 HTM 637 01-20-00 7:14p o_title.html
O_SPON~1 HTM 334 02-07-00 6:18p o_sponsor.html
O_WEBS~1 HTM 779 01-20-00 7:14p o_website_empty.html
p o_topnav.html26:7 01-26-00 021,O_TOPN~1 HTM 1
O_TITL~1 HTM 637 01-20-00 7:14p o_title.html
O_SPON~1 HTM 334 02-07-00 6:18p o_sponsor.html
O_SPLA~1 HTM 915 01-20-00 7:14p o_splash.html
O_SITE~1 HTM 326 12-30-99 12:05p o_site_info.html
O_SAVE~1 HTM 321 12-30-99 12:05p o_saved_info.html
O_NAV~1 HTM 436 12-30-99 12:05p o_nav.html
p o_main.css18:6 02-07-00 754,O_MAIN CSS 3
O_LOGO~1 HTM 411 12-30-99 12:05p o_logo.html
p help.html35:5 01-31-00 069,HELP~1 HTM 7
O_BLAN~1 HTM 291 12-30-99 12:05p o_blank_info.html
p o_botnav.html26:7 01-26-00 650,O_BOTN~1 HTM 2
p o_alma.js05:12 12-30-99 553,O_ALMA JS 4
p index.html26:7 01-26-00 476,INDEX~1 HTM 1
p swdir.inf16:1 12-05-00 669,SWDIR INF 7
p MCC.inf20:6 02-07-00 139,MCC INF 2
a xscan53.ocx51:9 12-19-01 248,XSCAN53 OCX 373
a xscan.inf46:9 12-19-01 805,XSCAN INF 1
bytes 017,30 file(s) 538
MB free 06.800,3 dir(s) 6


doing a cd conflict.1 and typing DIR shows 0 files (under DOS Prompt).
I'll have to try this later under true DOS.

Just one thing I don't get, why does it say "files 538" in that folder, I only see 34 ?.

Aside from the obvious ones, "a 3vicd.inf" = third voice

but I have no idea what these are:
PERTAUTO.INF
p o_alma.js

Thanks for giving it a try, I wish more would give it a shot.

I don't know what the following are, you'll need to look at the properties or open the .html files looking at the source.

3vicd.inf
pertauto.inf
LIGHT GIF
a logo.gif
O_WEBS~1 HTM
o_website_empty.html
o_topnav.html
O_TITL~1 HTM
O_SPON~1 HTM
o_sponsor.html
O_WEBS~1 HTM
o_website_empty.html
o_topnav.html
O_TITL~1 HTM
O_SPON~1 HTM
o_sponsor.html
O_SPLA~1 HTM
O_SITE~1 HTM
o_site_info.html
O_SAVE~1 HTM
o_saved_info.html
O_NAV~1 HTM
p o_main.css
O_LOGO~1 HTM
p help.html
O_BLAN~1 HTM
o_blank_info.html
o_botnav.html
o_alma.html
MCC.inf
a xscan53.ocx
xscan.inf

At the C:\WINDOWS\Downloaded Program Files&gt; prompt, type:
deltree conflict.1

reghakr

Well, xscan53.ocx and xscan.inf are from Trend Micro House Call.

The others, no idea really. Funny: they're all htm and html files, so I wonder what they're doing in there.

It should be possible to determine where they're from just by viewing them.

Opening Pertauto.inf and 3vicd.inf in Notepad also ought to tell you a little more.

As for my own list, I further trimmed it down by eliminating the Iconic controls ikcntrls.inf, ietimer.inf, ietimer.ocx, and ikmenu.ocx, and I'm still alive!

No Conflict.1 folder for me either, I'm happy to say.

Tony,

Regarding those files that that we posted...are they ALL related to those Downloaded Program files? The reason I ask, is that I have other ActiveX Controls, via a find for *.ocx, but they're not listed under 'View Objects'. Such as Cresendo, which is an ActiveX I have installed, but it is isn't listed in the Dl Prog. files.

Do I make sense? LOL I only find 22 OCX files, and a number of them are MS. There's a Calendar Control, plus I find a Gif.ocx, but it didn't show up on that list I posted, and there are a few others....

Carol

Carol,

I thought we were posting only the contents of the Downloaded Program Files folder?

I happen to have 79 *.ocx files myself, and most of them are in Windows\System.

About the why's and how's of that, I'm afraid I'm not much help, and we should wait for Reghakr or someone else to enlighten us.

By the way, found this MS article:

<a target="_blank" href=http://support.microsoft.com/default.aspx?scid=kb;en-us;Q196150>INFO: Why CONFLICT Directories Are Created During Code Download (Q196150)</a>

SUMMARY
There are certain situations during code download (usually associated with installing an ActiveX control referenced in an &lt;OBJECT&gt; tag) where a Conflict subdirectory is created in the Downloaded Program Files folder. After it is created, the Conflict directory is used as the destination directory for the file installation.

MORE INFORMATION
Internet Explorer performs the following checks on all downloaded files that are associated with an ActiveX control (Basically, all files listed in the [Add.Code] section):

Is a file of the same name already in Downloaded Program Files?

Is the CLSID of the main component (from the &lt;OBJECT&gt; tag) different from that of the previously installed component that caused the download of this file.

One of the following:

The file itself has no CLSID.

The file itself has a main CLSID, but it is different from the CLSID of the file that was already in Downloaded Program Files.

If the answer to all three questions is Yes for any one file, a unique subdirectory is created named CONFLICT.x, where .x is a unique number. All files in the [Add.Code] sections that were supposed to appear in the Downloaded Program Files folder are installed in the Conflict directory.

And noticed this in <a target="_blank" href=http://support.microsoft.com/default.aspx?scid=kb;EN-US;q154850>How to Remove an ActiveX Control in Windows (Q154850)</a> :

"The following ActiveX controls should not be removed if you are running Internet Explorer 4:

DirectAnimation Java Classes
Internet Explorer Classes for Java
Microsoft XML Parser for Java
Win32 Classes

Internet Explorer 5 does not require these components in the Downloaded Program Files files."

3 less items in DPF for me, then. :)

Tony,

Yes, I was posting only things from the Downloaded programs folder....the list that showed up following Reghakr's instructions. I knew I'd confuse you....don't always make myself clear.

I'm just wondering why, for instance, Cresendo Midi Player isn't listed in that folder or on the list, plus some other OCX's.

Carol

Reghakr,

I did a Google search and learned that all of the files below pertain to Norton. How do I get rid of them all?

VIRSCAN7 DAT 309,247 12-13-01 1:00a virscan7.dat
VIRSCAN8 DAT 440,006 12-13-01 1:00a virscan8.dat
VIRSCAN9 DAT 334,631 12-13-01 1:00a virscan9.dat
ZDONE DAT 224 12-13-01 1:00a zdone.dat
VIRSCAN INF 106,236 12-13-01 1:00a virscan.inf
SCRAUTH DAT 42,752 12-13-01 1:00a scrauth.dat
TINF DAT 453 12-13-01 1:00a tinf.dat
TINFIDX DAT 148 12-13-01 1:00a tinfidx.dat
TINFL DAT 1,957 12-13-01 1:00a tinfl.dat
TSCAN1 DAT 4,792 12-13-01 1:00a tscan1.dat
TSCAN1HD DAT 1,179 12-13-01 1:00a tscan1hd.dat
SYMAVENG INF 925 12-13-01 1:00a symaveng.inf
SYMAVENG CAT 7,485 12-13-01 1:00a symaveng.cat

Well, the thing to do is to go to your Windows\Downloaded Program Files folder, right-click the ActiveX control you want to remove, and then click Remove.

Tony,

I know that, and I've done it. I think you're misunderstanding me. :)

That didn't get rid of those Norton entries. I thought maybe Reghakr could clarify that for me.

Carol

Sorry Carol,

This thread is getting lengthy...

I don't know what to say about that. It's never happened to me.

Carol,

Truthfully, I don't know whty the Crescendo ActiveX Control wouldn't be listed under the Downloaded Program Files directory.

I went to Crescendo's main site, chose Cancel for the ActiveX Control installtion (Sorry, hate midi music), yet the midi played perfectly fine without adding the control in the embedded Windows Media Player.

You can remove every single entry under the Downloaded Program Files directory and it will do no harm whatsoever.

You simply visit the site and have it downlaod again, if you so choose.

Tony's first article regarded programming of IE. It didn't mention anything about what a user should do with it if i exists. Microsoft has never answered my queiries regarding this strange directory. Why is it hidden so carefully?

If after removing those entries by right-clicking and choosing Remove, you may also need to go into the registry and delete the entries under the
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units key.

Or you may have to delete them from the DOS Prompt or pure DOS if neccessary.

This is still confusing to me, I don't have all the answers. Hope this helps somewhat.

reghakr

I re-tried that under pure DOS, the CONFLICT.1 dir is empty, and it gave me the same result DPF folder except the file number was correct around 30 files (not 538 like the DOS prompt was reporting under windows). It may be because I've been having a little problem in the last couple of weeks getting the DOS Prompt to display properly -- some times it gets too tall to fit on my 800x600 screen.
Now it seem to have fixed itself as far as size is concerned. But for some reason I cannot run Borland CPP , it just keeps quiting on me.

I was going to browse those DPF files when I find some ample time to go thru them so bare with me a while since I don't have QuickView 6 installed right now. Had to uninstall it because it was interferring with screen saver activation believe it or not. I might just try powerdesk instaed.

Reghakr,

Thank you much for your reply, and for the tip on how to track these things down. It's quite interesting.

It also came to me that Cresendo was listed in Add/Remove. I'd forgotten I'd replaced the other download with this one.

I do know that you can safely remove any of those ActiveX controls, and this is all I have left. (just to show you) I just don't understand why those Norton files still show up in that DOS Window.

CV3 Class
Microsoft XML Par..
MNN File Upload Ctrl.
Shockwave ActiveX
Shockwave Flash Object

I discovered a couple Symantec Anti-Virus folders in my registry and deleted them. That list of Norton files still shows up. I DID have a couple Symantec ActiveX Controls, but I had removed them after I posted that list. Plus, I'd removed references in the keys that you mentioned.

I have no problems, so that's not an issue. I'm just going to do some more searches in my registry. I like to get to the bottom of things.

Thank you again for your time!
Carol

well heres my list. "" around those i dont recognize

"RUFSI DLL 102 800 19.03.01 18:13 rufsi.dll"
"RATECHK DLL 57 816 13.07.00 16:21 ratechk.dll"
"BVINETIO DLL 86 488 13.07.00 16:21 bvinetio.dll"
"CABSA INF 564 19.03.01 18:14 CabSA.inf"
"YACSCOM DLL 237 568 18.10.00 12:06 yacscom.dll"
"YACSCOM INF 233 18.10.00 12:08 yacscom.inf"
CHATSP~1 OSD 572 31.08.01 11:39 ChatSpace Java Client 2.1.0.89.osd
CHATSP~2 OSD 575 14.05.01 13:30 ChatSpace Java Client 2.1.0.84N.osd
"CPSURVID DLL 49 152 11.10.00 16:49 CPSurVid.dll"
"MSSURVID OCX 110 592 11.10.00 16:49 MSSurVid.ocx"
"MSSURVID INF 302 06.02.01 11:30 MSSurVid.inf"
"OUTSIDE OCX 86 016 05.02.01 16:50 Outside.ocx"
"OUTSIDE INF 189 06.02.01 11:30 Outside.inf"
DIGICH~1 OSD 1 813 20.04.01 11:19 DigiChat Applet.osd
YAHOO!~4 OSD 530 15.05.02 2:54 Yahoo! Poker.osd
"FLIPSI~1 OCX 114 851 26.02.01 13:49 FlipsideWebLauncherControl.ocx"
YAHOO!~5 OSD 532 15.05.02 2:15 Yahoo! Hearts.osd
YAHOO!~6 OSD 538 15.05.02 2:25 Yahoo! Blackjack.osd
YAHOO!~7 OSD 530 15.05.02 3:39 Yahoo! Bingo.osd
QTPLUGIN INF 214 21.09.01 15:01 QTPlugin.inf
GOOGLE~2 DLL 413 696 10.07.02 19:59 GoogleToolbar_en_1.1.58-deleon.dll

i tried youre other dos command and got invalid directory, so thats good