Guided Help - Does this mean anything to anyone?

[d362636]

I just recently had something very odd happen to me. Upon reboot, a
Command Prompt opened up and started deleting virtually everything in
my profile. It got through almost everything before I was able to kill
the window. It deleted everything on my desktop, half of what was is my
"My Documents" folder, everything in the "Application Data" folder,
etc. Noticing an odd folder in my Program Files folder, ACW, I took a
quick look. Apparently it was installed by that "Guided Help" thing as
I had used it to re-create the "Show Desktop" link on the Quick Start
menu(oh yeah, it deleted everything there too). What's curious is the
XML file it left behind. Here's how it reads"

<configuration caseSensitive="no">
<name>ACWExt</name>
<description>
</description>
<lastModifiedBy>REDMOND\kima</lastModifiedBy>
<lastModifiedDate>2006-04-05T15:29:00</lastModifiedDate>
-
<section name="resources">
<key name="ids_DR_DD" value="Rename %1 to %2">
</key>
<key name="ids_FC_DD" value="Delete %1">
</key>
<key name="ids_FR_DD" value="Rename %1 to %2">
</key>
<key name="ids_RCV_DD1" value="Delete registry value %1 under %2">
</key>
<key name="ids_RCV_DD2" value="Update the registry value %1 under %2
with data type %3 and data %4">
</key>
<key name="ids_RDK_DD" value="Restore the registry key %1">
</key>
<key name="ids_RDV_DD" value="Restore the registry value %1 under %2">
</key>
<key name="ids_RPC_DD" value="Launch %1">
</key>
<key name="ids_RRK_DD" value="Rename registry key %1 to %2">
</key>
<key name="ids_RRV_DD" value="Rename registry value %1 to %2 in %3
registry key">
</key>
<key name="ids_SS_DD" value="Stop service %1">
</key>
<key name="ids_STP_DD" value="Start service %1">
</key>
<key name="ids_DD_SD" value="Undo directory changes">
</key>
<key name="ids_FD_DD" value="Restore %1">
</key>
<key name="ids_FR_SD" value="Undo file changes">
</key>
<key name="ids_PS_DD" value="Reboot your computer to finish registering
all the programs those were running before guided help began">
</key>
<key name="ids_RCK_DD" value="Delete registry key %1">
</key>
<key name="ids_RCK_SD" value="Undo registry key">
</key>
<key name="ids_RPC_SD" value="Restore from the system restore point">
</key>
<key name="ids_SS_SD" value="Stop service">
</key>
<key name="ids_STP_SD" value="Start service">
</key>
</section>
</configuration>

What's all that "delete" stuff? I don't think this could have been what
opened that Command Prompt thing(I think it had something to do with
"my profile being unable to load" as I had read in the Windows Event
Log), but I'm just sort of curious now.

Thanks,

DM

 

[Richard Urban]

To assist others, what is Guided Help and where did you get it from?

These answers may also allow others to assist you!

--
Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[d362636]

To assist others, what is Guided Help and where did you get it from?

These answers may also allow others to assist you!

http://support.microsoft.com/kb/915092/

It's apparently some sort of new Active X control for IE that will
actually either teach you to repair Windows, or just do it for you.

DM

 

[Richard Urban]

Thank you. I wasn't aware of this function.

I see that there are 28 Knowledge Base articles that implement this.

Did you run any of them? Which one? It may be that the changes are
accomplished during a reboot for a particular article.

--
Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[d362636]

Thank you. I wasn't aware of this function.

Apparently it's going to be something built into Vista, but they are
also trying to implement into XP via Active X controls in IE.

I see that there are 28 Knowledge Base articles that implement this.

Yeah, there's quite a bit of them out there. Each one does a specific
job, or walks you through how to do it.

Did you run any of them? Which one? It may be that the changes are
accomplished during a reboot for a particular article.

I've run two so far:

The "How to re-create the Show Desktop Icon"
http://support.microsoft.com/?kbid=190355

"Backup Registry"

http://support.microsoft.com/kb/322756

This one didn't work too well as I didn't have some app called "Backup"
installed when I installed XP, and didn't feel like breaking out the XP
disc to put it on there. I found an alternative method to backing up
the registry.

Curiously, Windows Defender found this "CmdLineExt03.dll" that is
either some sort of varient on Securom of that bullshit Sony copyright
thing(that was messing up PCs a while back) and told me that it was
dangerous and told me to delete it immediately. I did. As my original
problem stemmed from some random Command Prompt Window opening up, and
then proceeding to delete everything in my profile, I am almost
guessing this could have been the culprit.

DM

 

[James Finnigan [MS]]

Hi there,

I'm one of the Guided Help developers. It's very unlikely that this Guided
Help topic would lead to the issues that you're seeing. The XML file is
used by the Guided Help extension dll to generate undo descriptions and
information. Because the same extension dll is used for all the XP-based
Guided Help topics, you may see strings that don't apply to your task. To
undo a guided help topic, just run it again. You'll get the choice to undo
what was previously done or run the script again. Undo is not available for
some scripts (where it's not possible).

If I was you, I'd download autoruns.exe from sysinternals and see why that
console window came up.

HTH,
James

 

[d362636]

I'm one of the Guided Help developers. It's very unlikely that this Guided

Help topic would lead to the issues that you're seeing. The XML file is
used by the Guided Help extension dll to generate undo descriptions and
information. Because the same extension dll is used for all the XP-based
Guided Help topics, you may see strings that don't apply to your task. To
undo a guided help topic, just run it again. You'll get the choice to undo
what was previously done or run the script again. Undo is not available for
some scripts (where it's not possible).

If I was you, I'd download autoruns.exe from sysinternals and see why that
console window came up.

Well, the only problem I'm seeing with that is: This happened back on
Sept 15th(I remember the night quite well) and I'm not seeing anything
in Autoruns that may help me narrow it down as it can't do anything by
date(though I am liking how it'll tell you every driver you currently
have loaded, etc).

About the only thing Event Viewer told me, about the night of the
issue, was something about my profile being full and not being able to
be properly unloaded. With that said, I downloaded something from MS
called "UPHClean" that's supposed to help out with that(after Windows
freaked out and deleted nearly everything in my current profile).

http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en

DM