Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help needed


  • Please log in to reply
14 replies to this topic

#1 Murphy

Murphy

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 07 April 2005 - 10:19 AM

Hey

I'm having trouble with my computer, my startpage has been hijacked

Logfile of HijackThis v1.99.1
Scan saved at 17:00:21, on 07.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\rpcss_pl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\wauctlxp4.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skyr@cer Pro Utility\WLANPRO.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Bjørn Egil\Desktop\HijackThis.exe

O2 - BHO: (no name) - {0E234239-88FF-11D2-8446-D7234234421F} - C:\WINDOWS\System32\msasmsn7.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SndPnpMix] C:\WINDOWS\System32\wauctlxp4.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Skyr@cer Pro PCI 154 Configuration Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://post.stud.his.no/iNotes6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105033120999
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RPC+ Service Provider (RPCSS+) - Unknown owner - C:\WINDOWS\System32\rpcss_pl.exe

Edited by Murphy, 07 April 2005 - 12:45 PM.


BC AdBot (Login to Remove)

 


#2 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 07 April 2005 - 12:48 PM

Anyone who might know what seems to be the problem

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:07 PM

Posted 07 April 2005 - 01:45 PM

Download killbox here:

KillBox

Unzip the folder to your desktop.

Reboot into safe mode.

Click on start, then run, and copy and paste the following bold text into the open field: sc config rpcss depend= ""

Then press the ok button.

Now start Killbox.exe

When it is open, enter C:\WINDOWS\System32\rpcss_pl.exe into the field labeled "Full path of file to delete".

Select the Delete on reboot option.

Then press the button that looks like a red circle with a white X in it.

Your computer will reboot and check to see if the file is gone.

Now fix the following entries in your hijackthis log:

O2 - BHO: (no name) - {0E234239-88FF-11D2-8446-D7234234421F} - C:\WINDOWS\System32\msasmsn7.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
O23 - Service: RPC+ Service Provider (RPCSS+) - Unknown owner - C:\WINDOWS\System32\rpcss_pl.exe

Reboot and post a new log

#4 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 09 April 2005 - 04:52 PM

After doing this my browser isn't working properly?

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:07 PM

Posted 09 April 2005 - 05:13 PM

Click on start, then run, and copy and paste the following bold text into the open field: sc config rpcss depend= ""

Reboot and then go into start, run, and type services.msc and press enter. If you scroll down and look for the remote procedure call service, is it started?

if not start it.

Then post a new hjt log

#6 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 10 April 2005 - 03:39 PM

Here it is :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 01:18:03, on 10.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skyr@cer Pro Utility\WLANPRO.exe
C:\Documents and Settings\Bjørn Egil\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Skyr@cer Pro PCI 154 Configuration Utility.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://post.stud.his.no/iNotes6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105033120999
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RPC+ Service Provider (RPCSS+) - Unknown owner - C:\WINDOWS\System32\rpcss_pl.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:07 PM

Posted 10 April 2005 - 09:15 PM

Fix this entry:

O23 - Service: RPC+ Service Provider (RPCSS+) - Unknown owner - C:\WINDOWS\System32\rpcss_pl.exe (file missing)


Reboot and post a last log

#8 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 11 April 2005 - 11:09 AM

Logfile of HijackThis v1.99.1
Scan saved at 16:40:24, on 11.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skyr@cer Pro Utility\WLANPRO.exe
C:\Documents and Settings\Bjørn Egil\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Skyr@cer Pro PCI 154 Configuration Utility.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://post.stud.his.no/iNotes6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105033120999
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RPC+ Service Provider (RPCSS+) - Unknown owner - C:\WINDOWS\System32\rpcss_pl.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



Also a log I don't what is


An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0x7CDAD19
Function=Java_sun_awt_windows_WToolkit_printWindowsVersion+0x1CB9
Library=C:\Program Files\Java\j2re1.4.2_06\bin\awt.dll

Current Java thread:
at sun.awt.windows.WComponentPeer.nativeHandleEvent(Native Method)
at sun.awt.windows.WComponentPeer.handleEvent(Unknown Source)
at sun.awt.windows.WTextFieldPeer.handleEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)

Dynamic libraries:
0x00400000 - 0x00419000 C:\Program Files\Internet Explorer\IEXPLORE.EXE
0x77F50000 - 0x77FF9000 C:\WINDOWS\System32\ntdll.dll
0x77E60000 - 0x77F40000 C:\WINDOWS\system32\kernel32.dll
0x77C10000 - 0x77C63000 C:\WINDOWS\system32\msvcrt.dll
0x77D40000 - 0x77DC6000 C:\WINDOWS\system32\USER32.dll
0x77C70000 - 0x77CAE000 C:\WINDOWS\system32\GDI32.dll
0x77DD0000 - 0x77E5B000 C:\WINDOWS\system32\ADVAPI32.dll
0x78000000 - 0x7806F000 C:\WINDOWS\system32\RPCRT4.dll
0x772D0000 - 0x77334000 C:\WINDOWS\system32\SHLWAPI.dll
0x71700000 - 0x71848000 C:\WINDOWS\System32\SHDOCVW.dll
0x71950000 - 0x71A34000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
0x773D0000 - 0x77BBF000 C:\WINDOWS\system32\SHELL32.dll
0x77340000 - 0x773CB000 C:\WINDOWS\system32\comctl32.dll
0x771B0000 - 0x772C3000 C:\WINDOWS\system32\ole32.dll
0x71500000 - 0x715FD000 C:\WINDOWS\System32\BROWSEUI.dll
0x72430000 - 0x72442000 C:\WINDOWS\System32\browselc.dll
0x75F40000 - 0x75F5D000 C:\WINDOWS\system32\appHelp.dll
0x7C620000 - 0x7C6A1000 C:\WINDOWS\System32\CLBCATQ.DLL
0x77120000 - 0x771AB000 C:\WINDOWS\system32\OLEAUT32.dll
0x77050000 - 0x77115000 C:\WINDOWS\System32\COMRes.dll
0x77C00000 - 0x77C07000 C:\WINDOWS\system32\VERSION.dll
0x5AD70000 - 0x5ADA4000 C:\WINDOWS\System32\UxTheme.dll
0x63000000 - 0x63095000 C:\WINDOWS\system32\WININET.dll
0x762C0000 - 0x76348000 C:\WINDOWS\system32\CRYPT32.dll
0x762A0000 - 0x762B0000 C:\WINDOWS\system32\MSASN1.dll
0x76F90000 - 0x76FA0000 C:\WINDOWS\System32\Secur32.dll
0x76620000 - 0x7666E000 C:\WINDOWS\System32\cscui.dll
0x76600000 - 0x7661B000 C:\WINDOWS\System32\CSCDLL.dll
0x76670000 - 0x76754000 C:\WINDOWS\System32\SETUPAPI.dll
0x1A400000 - 0x1A47A000 C:\WINDOWS\system32\urlmon.dll
0x10000000 - 0x10022000 C:\WINDOWS\System32\msxxabt4.dll
0x63580000 - 0x63828000 C:\WINDOWS\System32\mshtml.dll
0x016A0000 - 0x01728000 C:\WINDOWS\System32\shdoclc.dll
0x74770000 - 0x747FF000 C:\WINDOWS\System32\mlang.dll
0x6B700000 - 0x6B790000 c:\windows\system32\jscript.dll
0x746F0000 - 0x74719000 C:\WINDOWS\System32\msimtf.dll
0x74720000 - 0x7476B000 C:\WINDOWS\System32\MSCTF.dll
0x746C0000 - 0x746E7000 C:\WINDOWS\System32\MSLS31.DLL
0x76390000 - 0x763AA000 C:\WINDOWS\System32\IMM32.DLL
0x325C0000 - 0x325D2000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x71AD0000 - 0x71AD8000 C:\WINDOWS\System32\wsock32.dll
0x71AB0000 - 0x71AC5000 C:\WINDOWS\System32\WS2_32.dll
0x71AA0000 - 0x71AA8000 C:\WINDOWS\System32\WS2HELP.dll
0x71A50000 - 0x71A8B000 C:\WINDOWS\system32\mswsock.dll
0x71A90000 - 0x71A98000 C:\WINDOWS\System32\wshtcpip.dll
0x024F0000 - 0x02529000 C:\WINDOWS\System32\RASAPI32.DLL
0x76E90000 - 0x76EA1000 C:\WINDOWS\System32\rasman.dll
0x71C20000 - 0x71C6D000 C:\WINDOWS\System32\NETAPI32.dll
0x76EB0000 - 0x76EDA000 C:\WINDOWS\System32\TAPI32.dll
0x76E80000 - 0x76E8D000 C:\WINDOWS\System32\rtutils.dll
0x76B40000 - 0x76B6C000 C:\WINDOWS\System32\WINMM.dll
0x75A70000 - 0x75B13000 C:\WINDOWS\system32\USERENV.dll
0x71B20000 - 0x71B31000 C:\WINDOWS\system32\MPR.dll
0x75F60000 - 0x75F66000 C:\WINDOWS\System32\drprov.dll
0x71C10000 - 0x71C1C000 C:\WINDOWS\System32\ntlanman.dll
0x71CD0000 - 0x71CE6000 C:\WINDOWS\System32\NETUI0.dll
0x71C90000 - 0x71CCC000 C:\WINDOWS\System32\NETUI1.dll
0x71C80000 - 0x71C86000 C:\WINDOWS\System32\NETRAP.dll
0x71BF0000 - 0x71C01000 C:\WINDOWS\System32\SAMLIB.dll
0x75F70000 - 0x75F79000 C:\WINDOWS\System32\davclnt.dll
0x75970000 - 0x75A61000 C:\WINDOWS\System32\MSGINA.dll
0x76360000 - 0x7636F000 C:\WINDOWS\System32\WINSTA.dll
0x023F0000 - 0x02422000 C:\WINDOWS\System32\ODBC32.dll
0x763B0000 - 0x763F5000 C:\WINDOWS\system32\comdlg32.dll
0x1F850000 - 0x1F866000 C:\WINDOWS\System32\odbcint.dll
0x76F20000 - 0x76F45000 C:\WINDOWS\System32\DNSAPI.dll
0x76FB0000 - 0x76FB7000 C:\WINDOWS\System32\winrnr.dll
0x76F60000 - 0x76F8C000 C:\WINDOWS\system32\WLDAP32.dll
0x76FC0000 - 0x76FC5000 C:\WINDOWS\System32\rasadhlp.dll
0x02ED0000 - 0x03077000 C:\WINDOWS\System32\macromed\flash\Flash.ocx
0x75E90000 - 0x75F32000 C:\WINDOWS\System32\SXS.DLL
0x65000000 - 0x65009000 C:\WINDOWS\System32\ddrawex.dll
0x51000000 - 0x5104D000 C:\WINDOWS\System32\DDRAW.dll
0x73BC0000 - 0x73BC6000 C:\WINDOWS\System32\DCIMAN32.dll
0x74CB0000 - 0x74D1F000 C:\WINDOWS\System32\mshtmled.dll
0x1D300000 - 0x1D3D1000 C:\WINDOWS\System32\msdxm.ocx
0x35500000 - 0x35708000 C:\WINDOWS\System32\Quartz.dll
0x66880000 - 0x6688A000 C:\WINDOWS\System32\imgutil.dll
0x1B060000 - 0x1B06B000 C:\WINDOWS\System32\pngfilt.dll
0x76C30000 - 0x76C5B000 C:\WINDOWS\System32\wintrust.dll
0x76C90000 - 0x76CB2000 C:\WINDOWS\system32\IMAGEHLP.dll
0x767F0000 - 0x76814000 C:\WINDOWS\System32\schannel.dll
0x0FFD0000 - 0x0FFF2000 C:\WINDOWS\System32\rsaenh.dll
0x0FFA0000 - 0x0FFC1000 C:\WINDOWS\System32\dssenh.dll
0x73D50000 - 0x73D60000 C:\WINDOWS\System32\cryptnet.dll
0x04110000 - 0x04165000 C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX
0x040E0000 - 0x040E6000 C:\WINDOWS\System32\XCOMMSVR.dll
0x04170000 - 0x0417A000 C:\WINDOWS\DOWNLO~1\FXFILEOP.dll
0x73000000 - 0x73023000 C:\WINDOWS\System32\WINSPOOL.DRV
0x5EDD0000 - 0x5EDEA000 C:\WINDOWS\System32\OLEPRO32.DLL
0x73D70000 - 0x73D82000 C:\WINDOWS\System32\shgina.dll
0x5A500000 - 0x5A58D000 C:\WINDOWS\System32\wiashext.dll
0x70D00000 - 0x70E91000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.1360_x-ww_24a2ed47\gdiplus.dll
0x6D460000 - 0x6D470000 C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
0x6D330000 - 0x6D348000 C:\Program Files\Java\j2re1.4.2_06\bin\jpiexp32.dll
0x6D3A0000 - 0x6D3B8000 C:\Program Files\Java\j2re1.4.2_06\bin\jpishare.dll
0x08000000 - 0x08139000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\client\jvm.dll
0x040C0000 - 0x040C7000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\hpi.dll
0x04210000 - 0x0421E000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\verify.dll
0x04550000 - 0x04569000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\java.dll
0x04440000 - 0x0444D000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\zip.dll
0x07C40000 - 0x07D52000 C:\Program Files\Java\j2re1.4.2_06\bin\awt.dll
0x04FB0000 - 0x05001000 C:\Program Files\Java\j2re1.4.2_06\bin\fontmanager.dll
0x5C000000 - 0x5C0C8000 C:\WINDOWS\System32\D3DIM700.DLL
0x6D310000 - 0x6D324000 C:\Program Files\Java\j2re1.4.2_06\bin\jpicom32.dll
0x6D480000 - 0x6D49D000 C:\Program Files\Java\j2re1.4.2_06\bin\RegUtils.dll
0x08D40000 - 0x08D4F000 C:\Program Files\Java\j2re1.4.2_06\bin\net.dll
0x08940000 - 0x08962000 C:\Program Files\Java\j2re1.4.2_06\bin\dcpr.dll
0x6D510000 - 0x6D58C000 C:\WINDOWS\system32\DBGHELP.dll
0x76BF0000 - 0x76BFB000 C:\WINDOWS\System32\PSAPI.DLL

Heap at VM Abort:
Heap
def new generation total 1024K, used 721K [0x10030000, 0x10140000, 0x10790000)
eden space 960K, 73% used [0x10030000, 0x100e1620, 0x10120000)
from space 64K, 18% used [0x10120000, 0x10122ee8, 0x10130000)
to space 64K, 0% used [0x10130000, 0x10130000, 0x10140000)
tenured generation total 12140K, used 10163K [0x10790000, 0x1136b000, 0x16030000)
the space 12140K, 83% used [0x10790000, 0x1117cef0, 0x1117d000, 0x1136b000)
compacting perm gen total 5376K, used 5177K [0x16030000, 0x16570000, 0x1a030000)
the space 5376K, 96% used [0x16030000, 0x1653e730, 0x1653e800, 0x16570000)

Local Time = Sun Apr 10 00:18:12 2005
Elapsed Time = 1171
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot™ Client VM (1.4.2_06-b03 mixed mode)
#


Appreciate the help

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:07 PM

Posted 11 April 2005 - 11:13 AM

Click on start, then run, and type services.msc and press enter. Then scroll down till you see RPC+ Service Provider . Double-click on it, and change the startup to disabled and stop it if its started (tell me if it was started in the reply)

Then post a new log

#10 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 12 April 2005 - 12:18 PM

I only got an error when I tried to initialize it.


Latest log:

Logfile of HijackThis v1.99.1
Scan saved at 19:10:10, on 12.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skyr@cer Pro Utility\WLANPRO.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bjørn Egil\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Skyr@cer Pro PCI 154 Configuration Utility.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://post.stud.his.no/iNotes6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105033120999
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RPC+ Service Provider (RPCSS+) - Unknown owner - C:\WINDOWS\System32\rpcss_pl.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:07 PM

Posted 12 April 2005 - 11:38 PM

What was the error?

#12 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 13 April 2005 - 11:27 AM

could not start the RPC+ Service Provider on local Computer.

Error 2: The system cannot find the file specified.

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:07 PM

Posted 13 April 2005 - 04:06 PM

Hi. Please download and install the program Registry Lite from here:

http://www.resplendence.com/reglite

Once it is installed, please double click on the icon that should now be on your desktop. If an icon is not there, then check under programs portion of the Start Menu.

Once it is opened, copy and paste the below line, into the address field of Registrar Lite.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\RPCSS+

And press enter. You will now be presented with new information in the bottom right and left sections and on the right section.

Right click on RPCSS+ and delete it. Reboot and post a last log

#14 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 13 April 2005 - 11:30 PM

Logfile of HijackThis v1.99.1
Scan saved at 00:22:46, on 14.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skyr@cer Pro Utility\WLANPRO.exe
C:\Documents and Settings\Bjørn Egil\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Skyr@cer Pro PCI 154 Configuration Utility.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://post.stud.his.no/iNotes6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105033120999
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#15 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:07 PM

Posted 14 April 2005 - 09:57 AM

Your log is clean! Great job!

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users