Ohhhh Crap

Hi guys,

I need help bad. I have a problem with the about:blank hijack. I went to the FAQ sticky and was following the instructions there and I think I FUBARed my laptop.

I went in and disabled my system restore like you said. It gave me the box to click but it didnt ask to restart the comp so I didnt.

I went to step 2 to disable the "remote procedure call" service however there was no option to disable it. it was on automatic but it didn't give me the stop function box or any box on that screen, so like an idiot I went to the (log)? tab and disabled the box where it said to disable for "profile 1". Pretty much went to crap from there.

I tried to go in and undo what I just mentioned and now all the files that were under the extended tab when I ran services.msc are GONE. I also cant go in and re enable system restore because the WHOLE TAB under my computer properties is gone.

Whatever I did screwed up a lot of things. I need help bad. Please help with any ideas.

 

Anyone?

 

Hi Prost55cvy,

Please hang in there until Chaslang or Kodo get a chance to take a look at your thread.

PP

 

Chaslang,

Yes I had the about:blank problem. I guess I missed the "helper" at the end of the RPC.

I can see all of the services under the standard tab after tying in services.msc but it will not allow me to get into the properties in those ones. When I right click properties it doesnt do anything.

I also tried the cmd and typed in what you said and that didnt seem to do anything. svchost<sp>-k<sp>rpcss where the <sp> indicates a space right?

I am hoping that being able to get to the services under the standard tab is a good thing. Any other steps I should try? Thanks for your help.

 

I also tried to do the same things in safe mode with networking but that had the same results.

Would restarting using the last known good option in safe mode work?

 

Chaslang,

Yeah, when i checked services.msc after the command it didnt change anything on the extended tab.

I am running windows XP, however since I disabled my system restore in step one, I can't use that. When I try to access it from the my computer properties screen, the tab to unclick the disable system restore is GONE.

When I try to get to system restore through control panel, it says that I can't access it because it has been disabled.

 

chaslang,

Under controlset001 under start: type is reg_dword and the data is 0x00000002(2)

There is no controlset003 or controlset.

There is a controlset002 that has the same values as controlset001 = 0x00000002(2)

There is also a file that says currentcontrolset which has the same start values as the other two.

I will download the zip files and as you requested.

 

Starting from the beginning

Go to C:\windows\inf and right click, install sr.inf.
You will need the CD.
If you have Sp2, point it to C:\windows\servicepackfiles\i386


the inf directory is hidden, you will need to show it, or access it from start, run.

This should bring back the System Restore tab.

 

Next issue. Using XP Home or Pro?

 

Hi guys,

The info under the "type" tab is correct at 0x00000020(32) on all control sets.

The version of windows that I am using is windows XP home. It came pre installed on the laptop so I don't have them XP disk.

I do have an XP home CD for a different computer that I built but it is just an upgrade version. Would that work?

 

If its preinstalled, you will generally find the contents of the XP installation (i386) under C:\windows.

Anyway, report back on the system restore issue.

Also, in services.msc, does it show RPC running?

 

Hi Guys,

I found the I386 folder, I have Service Pack 1. Under the i386 folder I dont see a sr.inf file. there is a sr.in_ and there is also an install.in_ file, are these correct?

Also under services.msn, all the files are in there under the standard tab but none are in the extended tab.

 

Ok, found the sr.inf and hit install, pointed it to c:/i386 and the pop up box says

Source: c:\i386\sr.sy_.

Target: c:\windows\system32\drivers\sr.sys.

The target file exists and is newer than the source.

Overwrite the newer file?

Should I click yes, no, or no to all?

Sorry I'm a dork but I dont want to screw anything up worse.

 

Ok I let it run and it overwrote several files, however I still have no system restore tab, there are still no programs under the extended tab on services.msc, and there doesnt seem to be anything different on what we looked at with regedit.

 

I did the same stupid thing yesterday & I am stuck too. Its amazing how many issues are caused by RPC. Any new thoughts?

 

Adrynalyne

Under msconfig the RPC's are shown as stopped. Under services.msc it is not shown as running.

Also, what do you make of it no services being listed under the 'Extended' tab in services.msc?

 

do you thing that could possibly be ad-aware finding his homepage set to about:blank in IE ?

 

I dont think either problem is from a specific hijack but from both us follishly disabling RPC.

 

TTT please

 

Ok let me see if I can get this attachment done.

edit: guess not, is there supposed to be an attachment link?

 

I don't have the browse button for attachments

 

Is it supposed to be under additional options because I dont see it. Do I need to have my options setup a certain way?

 

Yes the message board. On the screen where you type your reply I am not seeing a manage attachments button. Is it supposed to be under the additional options section?

There is a section called misc options with 2 check boxes, then there is something called attach files which is where I would assume this box should be but it isnt. Then there is thread subscription.

 

Ok shit, I was trying to use the laptop that is screwed to post the reply. On the laptop there is no manage attachments button. When I get on my desktop and post a reply it is there. I'm going to have to xfer my zip file to my desktop to post it. Will do in a sec.

 

Here we go. I think my laptop is really FUBAR

 

chaslang,

I saved the zip file to a folder, unzipped it, double clicked on fixcss-rpcss.reg and had it update, did the same for the other two files (fixcs1 and fixcs2).

Then rebooted computer.

What am I looking for now? There is still nothing under the extended tab in services.msc. Am I supposed to be checking something in regedit?

 

Correct, under the extended tab there is NOTHING at all just the blue/white background with the gear thing. Under the standard tab everything seems to be there starting with the alerter all the way down to workstation.

 

Under the standard tab there is nothing under the status column for RPC. It is setup for automatic. I can't seem to get into the properties to change the status using right click/properties or anything else. If I try and start it with a right click/start is gives an error

--------------------------------------------------------------------------
! Could not start the Remote Procedure Call(RPC) service on Local Computer.

Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
--------------------------------------------------------------------------

This is what happened originally when I disabled this thinking it was the RPC helper instead of just RPC. However when I did it the first time it was under the extended tab. I don't know how to enable this thing if I cant get into properties. I thought if it was set to automatic then it should come on during startup?

 

YES YES YES!!!!!!! AHAAAAAA

OK the l tried the things in your last post with no success, but I happened to come across this thing on the support page

http://support.microsoft.com/default.aspx?scid=kb;en-us;838428

and IT WORKED!!!!! YAAAAYYYYYYY

I have all my services back on in the extended tab now and RPC is showing started and my system restore is back online.

Now the only problem is that I still have the damn about blank problem that is directing me to xyzsearch.biz for my homepage.

Chaslang you rock dude thanks for all your help.