The Mudcat Café TM
Thread #96513   Message #1892234
Posted By: JohnInKansas
24-Nov-06 - 01:12 AM
Thread Name: Tech: Trouble with aggressive RealPlayer
Subject: RE: Tech: Trouble with aggressive RealPlayer
Dave0

Many programs have, or imagine that they have, legitimate reasons to make a web connection. For Media programs like Real Player, it's normal for the program to "phone home" every time you play something, to get the track data and DRM info.

Media programs, and others, may also be set up to check periodically for updates.

If one of these programs attempts to make a connection, and doesn't succeed, it's possible for the program to drop a "run once" file on your machine, so that the next time there's an "opportunity" to connect it will try to go to the program's home site.

This may be all that's happening with your Real Player. It's failed to make a connection that it requested, so it "remembers" that it wanted the connection the next time it sees that your browser is on line.

Ideally, it would tell you that it wants to connect, would give you a reason why it wants to connect, and would ask if it's okay. The way some of these are set up though, it may not remember why it wanted to "go home," but tries to connect anyway (without asking).

As in my first post in this thread:
The only semi-legitimate redirect I've seen associated with WinXP is a result of automatic updates. I think it happens only when my dialup connection drops offline before an update is completed. In this case, a "run once" link is dropped into Startup so that when I open my browser it goes directly to the Microsoft download center instead of to my normal home page - ONCE. I've confirmed that it goes to the right place, and it's been helpful for checking that I've gotten all of the update. The run once tag self destructs once it's run and I leave the Microsoft site.

I haven't seen a hookup attempt like what you describe with Real Player, but I've made some rather drastic rearrangements of preferences for my copy - so long ago that I don't recall what I changed. What you saw may be "normal" for Real Player with default settings, or with setup/preference changes you've made, even if it's not commonly observed.

Since none of us here have seen this as a normal occurrence with Real Player, it's appropriate for us to recommend that you check for malware - which could also be doing what's described. It takes about three hours for a full scan with my AV, an hour and a half for me to run AdAware and about an hour to run Spybot S&D on my machine; but I do it anytime there's an unexpected event that I can't explain easily, just to eliminate the "worst case" possibility. (And I also run regular scans "just because.")

You've done what should be done to have reasonable confidence that you're not infected with any of the common malware. While there are a few possible forms of malware that could be present and that could be missed by what you've done, they're rare enough that I wouldn't worry about them unless you see other symptoms that something's not right.

If, for example, your browser redirects you to the Real Player site with Real Player removed from your machine you might want to consult one of the several good "web advisors" to let them look at your machine data and give a "professional opinion" about what might be going on, or seek a remote scan from one of the AV makers that specializes in "exotic threats." At this point I wouldn't be inclined to go to that step.

You should update your Spybot. Ad-Aware "catches a lot more" because it removes a lot of "clutter" that others consider just "useless but mostly harmless."

The majority of things that Ad-Aware removes don't send any personally identifiable information to anyone. The "tracking cookies" allow a site to tell that "this machine was also at that other site" but don't say anything about whose machine it is. It doesn't really harm you, but it doesn't do much to help you personally, so Ad-Aware removes it. It is good, from the Ad-Aware viewpoint, to find a lot of stuff and remove the clutter.

Spybot ignores many of the things that Ad-Aware removes; but arguably is better at finding and removing more serious threats that Ad-Aware misses. It is good, from the Spybot S&D viewpoint to NOT FIND a lot of stuff to remove, because that means you don't have really invasive malware on your machine. You do have to take it on faith that if something bad does come along, Spybot S&D will find it and remove it - but you don't really want it finding a lot of stuff routinely.

The two serve slightly different purposes, and need to be used together. Used as a pair, they are consistently ranked among the most effective (free) programs available.

If you've removed Real Player, or any other program(s) that might have made registry entries, by just deleting the folders instead of going through Add/Remove Programs or using an uninstall program specific to what you're removing, Registry Mechanic would be likely to find something to correct.

Even a program that doesn't "Register itself" when installed may make a Registry entry for a "settings" file (usually a .dll) when you change settings, so trash does accumulate in the Registry. When you change settings, new lines in the Registry may be created, and often the prior setting is just "nulled out" without being removed. Some Registry utilities will try to remove "unused lines," which can be numerous, and some don't bother.

You probably can back off the "red alert" to something like "fuchsia." It won't hurt to continue to watch for behaviour that looks unusual for a while, but back-to-work seems appropriate.

If you want to reinstall Real Player, you may want to pay pretty close attention to the setup and options so you'll understand what it's doing; but many people get by happily with absolutely no understanding of much of anything ...

John
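
Added example, not part of the original post: a read-only PowerShell listing of the places where a "run once" or startup entry of the kind described above would normally live on Windows. It assumes the post's "run once" item corresponds to the standard Run/RunOnce registry keys or the Startup folders, and that PowerShell 3.0 or later is available.

```powershell
# Added example: list auto-start entries so an unexpected one can be spotted.
# Read-only; nothing is changed or deleted.

# Registry keys whose values Windows launches at logon. RunOnce values are
# removed by Windows when they are run; Run values stay until deleted.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = @(foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        # An empty value name is the key's default value.
        $label = $name
        if ($name -eq '') { $label = '(Default)' }
        [pscustomobject]@{
            Location = $key
            Name     = $label
            Target   = $item.GetValue($name)
        }
    }
})

# Per-user and all-users Startup folders: shortcuts or files placed here
# are opened at every logon until someone removes them.
$folders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

$entries += @(foreach ($folder in $folders) {
    if (-not $folder -or -not (Test-Path -Path $folder)) { continue }
    Get-ChildItem -Path $folder -File |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            [pscustomobject]@{
                Location = $folder
                Name     = $_.Name
                Target   = $_.FullName
            }
        }
})

$entries | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

Saving the output after a clean scan gives a baseline; an entry that appears later and points at a program you did not install or have already removed is the one to look into.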