# Solved: RPC Server Not Available



## rritch01 (Dec 28, 2010)

I installed a free virus checker (I know...should have known better) which seems to have hijacked some settings. When trying to update files to my online storage/backup, I get "_com_error: RPC server is unavailable." I did some online research and followed a couple of suggestions to edit the registry, but I'm unable to save changes. At this point, I'm afraid I'm really going to screw something up if I keep playing with the issue on my own. 

I have uninstalled the virus checker. 

Dell XPS M1710 running Windows 7. 

Thanks for any advice.


----------



## Byteman (Jan 24, 2002)

*Click here* to download *HJTInstall.exe*

Save *HJTInstall.exe* to your desktop.
Doubleclick on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis* . 
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. 

Also please do this:

Run Hijack This and click *Open the Misc Tools* section.
Click Open Uninstall Manager > Save list and save the log to your Desktop.
A list of programs will open in Notepad. * Post the contents of this log. Someone will check the log but it may take some time*


----------



## rritch01 (Dec 28, 2010)

Thank you. 

Text of log file:

{{Edited by Byteman:: Since these were logs from your work computer, there is no need for them to be and they could confuse someone....so I am removing them}}


----------



## Byteman (Jan 24, 2002)

Hi, I am confused>>> You had this in first post >>> *Dell XPS M1710 running Windows 7. *

But, your HJT logs indicates it was run on XP- explain please. Do you use multiple operating systems on the Dell?



> Platform: Windows XP SP3 (WinNT 5.01.2600)


 Looks like a work type computer- our policy is generally to not assist with business machines....

And, I don't see anything bad in the log. You have a very busy computer!

I suggest you go through this thread, though it was for a Vista machine it might give you some clues, particularly about a firewall which blocks things..... >> http://forums.techguy.org/networking/736702-solved-rpc-server-unavailable.html

That's about all I can give you, except have you tried asking the support people for that antivirus software you uninstalled?

Was it a legit program? What exactly was the name of it?


----------



## rritch01 (Dec 28, 2010)

Thank you. I apologize for the confusion.

My issue is actually with our home computer. I picked up the message to do HijackThis on my work computer and accidentally ran the logs for that computer. The correct logs for the home computer follow. I'm also including a warning message I got when running HijackThis.

I installed Multi Virus Cleaner 2009, which I downloaded from Tucows.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:15:42 AM, on 12/31/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Admin\Downloads\HijackThis (1).exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://abcnews.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShopperReports - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.227.0\ShopperReports.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [PhotoshopElements8SyncAgent] C:\Program Files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; .NET CLR 3.0.30618; Media Center PC 5.0; SLCC1; ShopperReports 3.0.227.0; P_IT_E8790074B2765E5B32AF92; Hotbar 11.0.78.0; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; MSSDMC2.5.2219.1)" -"http://www.cartoonnetwork.com/games/knd/icecreamed/index.html"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: QuickSet.lnk = ?
O4 - Global Startup: Trend Micro SafeSync.lnk = C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.227.0\ShopperReports.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.227.0\ShopperReports.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/69.10/uploader2.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Sprint Con App Svc (CASprint) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: humyo.com - Trend Micro Inc. - C:\Program Files\Trend Micro SafeSync\hrfscore.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 16321 bytes

---------------------------------------------------------------------------------------------------------------------------
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack may NOT be able to fix this. 
If it happens, you need to edit the file yourself. To do this, click Start, Run and type:
Notepad C:\Windows\System32 \drivers\hosts
And press Enter. Find the line(s) HijackThis reports and delete them. Save the file as hosts. (with quotes), and reboot.
For Vista, simply exit HijackThis, right click on the HihackThis icon, choose Run as Administrator.
--------------------------------------------------------------------------------------------------------------------------------
[email protected] ISO Burner v 1.1
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop 7.0
Adobe Photoshop Elements 4.0
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Photoshop.com Inspiration Browser
Adobe Reader 8.2.5
Adobe Shockwave Player 11
Advanced SystemCare 3
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Blue Coat® K9 Web Protection 4.0.288
Bonjour
Broadcom Management Programs
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
ClueFinders 4th Grade Adventures
ClueFinders 5th Grade Adventures
CoffeeCup Free FTP
Conexant HDA D110 MDC V.92 Modem
D3DX10
Danny Phantom Ghost Sweep
Dell Support Center (Support Software)
Dell System Customization Wizard
DellSupport
Digital Line Detect
Disney's Mickey Mouse Preschool
Documentation & Support Launcher
EA SPORTS online 2006
Feedback Tool
Football Superstars
Free PDF Converter
Games, Music, & Photos Launcher
Garmin USB Drivers
Garmin WebUpdater
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Graphics Converter Pro v6.8x
ieSpell
Internet Explorer Infoaxe Toolbar
Internet Service Offers Launcher
iPod for Windows 2006-06-28
iTunes
IZArc 3.7
Java(TM) SE Runtime Environment 6
JumpStart 1st Grade 2001
JumpStart Preschool v2.0
Junk Mail filter update
Kid's Card Games
Magic ISO Maker v5.4 (build 0256)
Malware Destroyer
MediaDirect
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2000 Disc 2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Store Download Manager
Modem Diagnostic Tool
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NetZeroInstallers
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OutlookAddinSetup
Palm
Picasa 3
Quicken 2008
QuickSet
QuickTime
Reader Rabbit 1st Grade
Reader Rabbit 2nd Grade(R) Mis-cheese-ious Dreamship Adventures(TM)
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
ShopperReports
SigmaTel Audio
SlideRocket Player
SlideRocket Player
Sonic Activation Module
SpongeBob SquarePants Obstacle Odyssey 2
Sprint SmartView
Sudoku Quest
Synaptics Pointing Device Driver
System Requirements Lab
The Weather Channel Toolbar
Trend Micro SafeSync
Uniblue RegistryBooster
Uniblue RegistryBooster
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
User's Guides
VoiceOver Kit
WD SmartWare
WIDCOMM Bluetooth Software
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Yahoo! Music Jukebox
Yahoo! Toolbar
Youth Education CD-ROM
Zoombinis Logical Journey(TM)


----------



## Byteman (Jan 24, 2002)

I do see some minor ad or spyware, I also see a Registry optimizing or cleaning program, we do not advise you to use these type programs, they can cause your computer problems.....perhaps not the majority of people who use them get problems, but far too many do, as we can testify to.....

Uniblue RegistryBooster--- my advice would be to discontinue using this.

Advanced SystemCare 3--- This one may be OK, but still the chance exists that it might remove something needed. I know these are pay-for programs, so removing them is optional, but do use them wisely.

I am not sure if they create backups when they run, though some do, so you have to be sure yours does and to use that feature if you insist on using these. System Restore will not always be able to bail you out!

I see you also have EMCO Malware Destroyer, which is from what I recall, a decent spyware scanner.....it should I think have removed more, but maybe you have not used it in a while.....

Please do this:








Download Malwarebytes' Anti-Malware from *Here*.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.*

I will check that when you post it. There is no need to rush as far as this end, anyway........ I will be around off and on tonight. I had some teeth removed to get ready for dentures so, no parties for me!

* The link in my last reply still may be useful to you so do go through it fully. This info here >>> *
http://www.ctimls.com/Support/KB/Error Fixes/Fix_Error_RPC_Server_Unavailable.htm [/color]  is much the same just including it for reference.


----------



## rritch01 (Dec 28, 2010)

Thanks. Hope your teeth feel better.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5435
Windows 6.1.7600
Internet Explorer 9.0.7930.16406
1/1/2011 8:56:25 AM
mbam-log-2011-01-01 (08-56-25).txt
Scan type: Quick scan
Objects scanned: 152556
Time elapsed: 6 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 142
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 17
Files Infected: 30
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8F15442D-92FE-472C-93BC-C7D9C1E0FE2A} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{DBD6316E-2871-4378-B894-3276DF921ADE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{E25B51BE-819E-4693-B72C-C1C01E12E7E2} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{F12D25DA-B90A-4C8B-968C-221878A9CD8F} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09325003-167C-483D-A4BA-8B3122ABB432} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2F9AD413-2E0B-4a85-BB2A-CF961238262A} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496B-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{60DA826C-B1C6-4358-BDEC-4837CED45470} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6DD76B7B-6423-4DF0-9A07-84A6CAD973A0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471F-9AD2-FEC049870A16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7F6CFB6A-9227-4BB8-B941-F2B067E76F51} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8C788AA2-7530-43BE-97B7-4D491F13BEA3} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AB0EE208-DF60-4FA7-A617-C4269760033E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C1089F63-7AFC-4538-B0EB-BEA0F4225A57} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ScopeExternal.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ScopeExternal (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47CE-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4A29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4A5B-9939-848B9C77A2FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E12AEAB6-7D12-4C07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E2F2C137-A782-4FB5-81AF-086156F5EB0A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F3A32DF2-7413-4FB1-B575-1AC920A17B76} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Seekdns (PUP.Zwangi) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.227.0 (Adware.HotBar) -> Value: ShopperReports 3.0.227.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\P_IT_E8790074B2765E5B32AF92 (Adware.Platrium) -> Value: P_IT_E8790074B2765E5B32AF92 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (ShopperReports) -> Value: [email protected] -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.Hotbar) -> Value: [email protected] -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\programdata\1810693777 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\Seekdns (PUP.Zwangi) -> Not selected for removal.
c:\Users\Admin\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Roaming\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\Seekdns (PUP.Zwangi) -> Not selected for removal.
c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.
Files Infected:
c:\program files\shopperreports3\bin\3.0.227.0\shopperreports.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\Pltfrm.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\1810693777\config.udb (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\1810693777\init.udb (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\1810693777\Langs.udb (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\Seekdns\seekdns129.exe (PUP.Zwangi) -> Not selected for removal.
c:\program files\shopperreports3\bin\3.0.227.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.227.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\reset cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.


----------



## rritch01 (Dec 28, 2010)

No luck... I still get the RPC Server error with Trend Micro. 

I tried to go to Services and change RPC. The options are set as you recommend, but I also can't access them to change them if I needed to. I went back to Services and selected "Run as Administrator" and still couldn't access it. There is only one logon to this computer and it has Administrator rights. 

Thanks for everything so far!


----------



## Byteman (Jan 24, 2002)

Your not able to access certain things problem is perhaps caused by this> *IE 9.0*

The info at Trend's site has :

Internet Explorer 7.x and 8.x (32-bit and 64-bit)

Firefox 3.5 and higher

· Safari for Mac 4.x and 5.x

· Chrome 5.x

· iPhone Safari
·
Windows Mobile IE
·
Android browser

as supported browsers.....hmmm. *Maybe you use one of those when Uploading or connecting?? *

OR> it could be this, unless you have had this for a while, and the TM Sync thing was OK with it....

Blue Coat K9 Web Protection (parental control software) Temporarily turn it off, especially while we are fixing things!

Turn it off now and try your Update /Synce thing maybe that will help.....

In the thread I posted a link to back a few replies ago...... this info may help you witht the "RPC server is unavailable" error, too.



AbsentHarvest said:


> I found the problem. The RPC server is unavailable because the service couldn't function properly because it's dependancy (server service) couldn't start... I checked the dependencies through the server's properties and I looked through services and started those required dependancies to start the server service, once that started... Everything functioned properly. Sorry, didn't mean waste the thread. I just hope this thread will come handy to those who stumble upon it through google with a similar problem. xD


Check the dependencies on your computer .... the screenshots at the link will help you. Just about the only other thing that will help is a Windows Repair install and with the amount of software on your computer you really do NOT want to have to do that!!!!. I have seen the error you have with Windows XP, but not yet with a Win 7 but I am still loooking around for ideas. Any details regarding it, like was it definitely caused by that antivirus thing you had installed, would be good to have. Looked to me that it was caused by that, maybe there was a free firewall included in it?

You could wait on doing the dependency work until later. Your best bet might be Trend's support techs, they may have run into the same issue before. Obviously, the free antivirus service hammered on the RPC and the change did not set well.

_ _ _ _ _ _ next

Download Gmer here> http://www.gmer.net/download.php

Record the odd name it has, and Save It to the root of Drive C: <<Important!!


Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on *this link* to see a list of programs that should be disabled. *And here I have to tell you, I don't see any active antivirus program in your logs, so you should be OK to run Gmer but we will have to get you a free antivirus later*

Have that Parental Control K9 app turned off!!!

Double-click on *the downloaded file* to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "*No*". <<<Important!!!
Click the "*Rootkit/Malware*" tab.
When the Quick scan is finished, click *Save*, Then browse to save the scan results to your Desktop.
Save the file as *Results* and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.
*You do not need to run a scan. Immediately after the program starts, a Quick Scan is performed.*


----------



## rritch01 (Dec 28, 2010)

Results of the log below.

I forgot to mention that the initial backup worked with IE9 and the Parental Blocker. Just adding to the mystery.... 

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-02 09:30:08
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST910021AS rev.8.04
Running: j3czolms.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kwloikow.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp bckd.sys
AttachedDevice \Driver\tdx \Device\Udp bckd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----


----------



## Byteman (Jan 24, 2002)

As far as an antivirus program, do you have a favorite in mind?

http://www.microsoft.com/security_essentials/ <<< a very good one to consider.

Would be good to have the scan results of that or similar program while we are working on malware.

Keep the Malwarebytes Antimalware Free edition as a top choice scan and remove tool.

You seem to have a lot of children around using kid software, which can lead to ad and some minor spyware like you had....

Probably your computer was an XP or Vista PC that you upgraded......hard to imagine all that stuff getting onto a new computer.

I would say you should be fine now, but I will keep my eyes open for a fix for the RPC server issue. Does that only affect the Trend Micro Sync? Do you get any other errors at any time?

I hestiate to suggest an UNinstall and REinstall because I am not sure there would be a reinstall if something is wrong with the Windows services.....


----------



## rritch01 (Dec 28, 2010)

Drag....while the computer seems to be running better, the RPC Server still doesn't work.


----------



## Byteman (Jan 24, 2002)

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.


----------



## Irukku (Dec 27, 2010)

*Start -> Run -> services.msc*

locate the service "Remote Procedure Call" and *Start* it.


----------



## Byteman (Jan 24, 2002)

Read the whole thread, the poster has tried all that without success.


----------



## Irukku (Dec 27, 2010)

Try this:

Open your registry editor (_start -> run -> regedit_)

Open the key _HKEY_LOCAL_MACHINE/system/currentcontrolset/services

_Locate the service key _Fax
_
Under the "_Security_" key, click to _modify_ the binary data "_Security_", and copy everything you see there (Ctrl+C)

Locate the service key "_RPCSs_" and replace everything you see there with the values you copied from Fax's binary value.

Restart your computer.


----------



## rritch01 (Dec 28, 2010)

Here is the log. I see stuff I don't recognize (seriously....).

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/04/2011 at 08:11 PM
Application Version : 4.47.1000
Core Rules Database Version : 6131
Trace Rules Database Version: 3943
Scan type : Quick Scan
Total Scan Time : 00:33:55
Memory items scanned : 858
Memory threats detected : 0
Registry items scanned : 2835
Registry threats detected : 5
File items scanned : 30275
File threats detected : 77
Adware.Tracking Cookie
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][4].txt
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][4].txt
2mdn.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
a.media.abcfamily.go.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
ace.advertising.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
adsatt.espn.go.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
adtechie.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
bannerfarm.ace.advertising.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
bbca.channelfinder.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
bc.youporn.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
c13.zedo.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
cdn.eyewonder.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
cdn.insights.gravity.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
cdn1.eyewonder.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
cdn2.invitemedia.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
cdn2.specificmedia.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
cdn4.specificclick.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
content.video.imedia.ro [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
content.yieldmanager.edgesuite.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
core.insightexpressai.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
crackle.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
****edhard18.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
gallery.teenpinkvideos.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
googleads.g.doubleclick.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
ia.media-imdb.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
imagec17.247realmedia.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
indieclick.3janecdn.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
input.insights.gravity.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
interclick.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
m1.2mdn.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media-0.phonezoo.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media-macys.pictela.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.dyson.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.jambocast.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.kvue.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.mtvnservices.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.mtvu.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.nbcphiladelphia.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.oldnavyweekly.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.resulthost.org [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.scanscout.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.tattomedia.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.thewb.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.wfaa.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.whas11.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.wkbw.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media.wvec.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media01.kyte.tv [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
media1.break.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
mediaforgews.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
mediaonenetwork.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
memecounter.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
motifcdn2.doubleclick.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
msnbcmedia.msn.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
naiadsystems.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
objects.tremormedia.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
oneclicktube.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
pointroll.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
richmedia247.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
secure-us.imrworldwide.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
spe.atdmt.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
static.sexsearch.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
tribalfusion.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
udn.specificclick.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
video.redorbit.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
www.badassteens.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
www.gvsmedia.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
www.hornypharaoh.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
www.nudeteenphotography.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
www.pornhub.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
www.sexgodmethod.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
www.sexyclips.in [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
www.thinkteens.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
www.ziporn.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
wwwstatic.megaporn.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
zedo.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WEV4CU2Z ]
Adware.Zango/ShoppingReport
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib#Version


----------



## Byteman (Jan 24, 2002)

Hi, It's OK we are very used to it all. Mostly SAS removed a pile of stubborn Flash Cookies, other objects, leftovers, some parts of Zango searchbar.....

I see DameWare MiniRemote Controls is installed- if you connect remotely, say from work, then it is OK.

It can be mis-used but it does not look to be out of place, you may work at home....

*Did you try what Irukku posted? I'm not sure that would be bad or good to do, or if it would fix the issue with RPC Server.*

Is that error still coming up?

Does the Internet and other computer functions seem "normal" to you?


----------



## rritch01 (Dec 28, 2010)

Thanks again for your help. 

I don not connect remotely from work. Maybe it has something to do with my online backup? (Which is not working because of RPC issue). 

I tried what Irukku posted again. The command to Start (or Stop) RPC is faded and I can't select any of the options. The status indicateds it is started, The path to the executable is c:\Windows\System32\svchost.exe -k rpcss. 

Everything else seems to be running fine. If I'm messing with Trend Micro, my IE will lock up sometimes, but that's it.


----------



## rritch01 (Dec 28, 2010)

I just notices something.... I think the rpc server might be working when I boot. Its like it shuts down when I use TrendMicro. Certain stuff seems to have downloaded from the online backup and then...it hangs.


----------



## rritch01 (Dec 28, 2010)

I spoke too soon. I rebooted and ran services.msc and had the same experience - options ghosted out


----------



## Byteman (Jan 24, 2002)

Hi,

I think it is time to look for solutions in reinstalling Safe Sync, perhaps.... I have looked in their Knowledgebase and found zero info as to your specific error. But, the program may have blown up an update> let's have you try for Updates to your version (it may be 3.0, you will have to look to find the version...)

Go to > *http://esupport.trendmicro.com/consumer/answerguides.aspx?ag=75*

Go through the things, see if you can get any updates.

If that does nothing then we can look at UNinstalling and REinstalling, you will have to know any License key that the program requires..... however, first see things below:

*This page is Online Help, and one of the items is to guide you in setting Proxy settings, so I suggest that this one be checked out well >>> http://help.safesync.com/en/ ((Left side menu "How To"))*

Here are the support pages for the Safe Sync program >>> *http://esupport.trendmicro.com/consumer/pages/faq_safesync.aspx*

I will keep looking and see what I can find.

*Trend Micro support may help you fix this. I read two error solutions, not exactly the same, both involving RPC not available messages, and a simple Registry addition entry solved those..... I suggest you to contact Trend support, you can see a link at either of those support pages if not just yell......I also suggest that you do not do a System Restore back in time if they suggest that, as the malware we have removed will most likely come back. *


----------



## rritch01 (Dec 28, 2010)

Sorry for taking so long to respond - I reinstalled Trend Micro under a different email address (to keep it free for 30 days) and the backup worked. 

Thank you for your patience. I've retained the recommended Malware and Antivirus programs.


----------



## Byteman (Jan 24, 2002)

OK- when you are ready, you can mark this "Solved" by hitting the Mark Solved button at the top. You can still reply here if you need to.

Eventually the thread will be Closed automatically.


----------

