RPC disconnect

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

When i switch on my PC a window opens that says "cannot find openme" if i open my task manager it shows 8 svchost.exe processes running which when i shut one down the "RPC" problem normally associated with msblast appears. I have McAfee activeshield and firewall plus running and have never had msblast or anything similar and don't have them now...any ideas
 
Hi Alun,

Openme.exe is bug you want to remove, see this from MVP Doug Knox:
http://www.dougknox.com/xp/scripts_desc/xp_openme_fix.htm

Also, despite what your AV software says, you have a bug in your system.
Could you please export and post the contents of these keys in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

To do this, start/run regedit, expand the branches to each key (do this one
at a time). Click on the key, then on file/export. Give it any name, then
save to the desktop. Once you have saved both keys, close the registry
editor. Right-click one of the saved files on the desktop, choose edit, it
should open in notepad. Click edit/select all/edit/copy. Open a response to
this post and click in the message text area. Hit ctrl+v to paste the
contents. Repeat for the other saved key, then send the post for
examination.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone



Alun said:
When i switch on my PC a window opens that says "cannot find openme" if i
Click to expand...
open my task manager it shows 8 svchost.exe processes running which when i
shut one down the "RPC" problem normally associated with msblast appears. I
have McAfee activeshield and firewall plus running and have never had
msblast or anything similar and don't have them now...any ideas
 
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
 
Windows Registry Editor Version 5.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup
"nwiz"="nwiz.exe /install
"SoundMan"="SOUNDMAN.EXE
"SUPASTATUS"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\status.exe
"IW_ControlCenter"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\"
"TkBellExe"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot
"WinMove"="C:\\Documents and Settings\\Alun Stone\\My Documents\\Hyper\\Hyper OS\\HYPER\\WINMOVE.EXE
"CARPService"="carpserv.exe
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe
"DollarMachine"="C:\\WINDOWS\\DollarMachine.exe -n
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe
"aconti"="C:\\WINDOWS\\aconti.exe -auto
"acocash"="C:\\Program Files\\fastdownloads-dom2\\fastdown.exe -auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
"Installed"="1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
"Installed"="1
"NoChange"="1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
"Installed"="1
 
'xp_openme_fix.vbs - Removes the run entry for the Openme.exe fil
'© Doug Knox - Modified 3-25-0

Dim WshShell, p1, p

Set WSHShell = WScript.CreateObject("WScript.Shell"
p1 = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
p2 = "Explorer.exe
WshShell.RegWrite p1, p
Set WshShell = Nothin

MsgBox "Finished!", 4096, "Done!

This is the post that came up post "openme" fix, Thought it might help. Thanks for the info, left McAfee running overnight (early hours here in the UK) I'll pop back tomorrow to see if there,s any more info. Cheers A

P.S. Everything seems to be changing user to NT all of a sudden
 
Hi Alun,

This one here:

"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"

has been known to be a problem, please see:
http://www.safersite.com/pestinfo/k/keenvalue.asp

This one here:

"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""

Is from Gator, known crapware that you should remove. This last one:

"aconti"="C:\\WINDOWS\\aconti.exe -auto"

Is a virus, and may the real source of your problems, please see removal
instructions here:
http://www.sophos.com/virusinfo/analyses/dialalifea.html

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone



Alun said:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SoundMan"="SOUNDMAN.EXE"
"SUPASTATUS"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\status.exe"
"IW_ControlCenter"="C:\\Program
Click to expand...
Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"QuickTime Task"="\"C:\\Program
Click to expand...
Files\\QuickTime\\qttask.exe\" -atboottime"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"TkBellExe"="C:\\Program Files\\Common
Click to expand...
Files\\Real\\Update_OB\\evntsvc.exe -osboot"
"WinMove"="C:\\Documents and Settings\\Alun Stone\\My
Click to expand...
Documents\\Hyper\\Hyper OS\\HYPER\\WINMOVE.EXE"
"CARPService"="carpserv.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"DollarMachine"="C:\\WINDOWS\\DollarMachine.exe -n"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"aconti"="C:\\WINDOWS\\aconti.exe -auto"
"acocash"="C:\\Program Files\\fastdownloads-dom2\\fastdown.exe -auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo
mponents][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo
mponents\IMAIL]
"Installed"="1"
Click to expand...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo
mponents\MAPI]
"Installed"="1"
"NoChange"="1"
Click to expand...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo
mponents\MSFS]
"Installed"="1"
Click to expand...
 
Back
Top