
Computer messed up!


  • This topic is locked
119 replies to this topic

#21 guestolo

Posted 29 March 2008 - 06:07 PM

I forgot that you were on Windows 2000
Can you do the following

Go to START>>RUN>>type in

regedit

Navigate to the following key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Left click to highlight RpcSs
Then click REGISTRY at the top menu bar
"EXPORT REGISTRY FILE"
Give it a name, eg... waterburn
Then save it

Close registry editor
Can you navigate to where you saved the Export file
Right click on it and choose EDIT

Can you copy>>paste back here the whole contents?
If you can't copy and paste
Can you right click on 'waterburn.reg' and rename it to 'waterburn.txt'
Then upload it in a reply back here


#22 waterburn

Posted 29 March 2008 - 06:56 PM

Hi,

Here it is:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。"
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Thanks!!

Waterburn

P.S How was Earth hour?

#23 guestolo

Posted 29 March 2008 - 07:23 PM

I've uploaded a file called
fix.txt at the bottom of this reply box
Right click the link and choose save link as

Can you save it to your desktop
Then right click on fix.txt and rename it to fix.reg
Allow the change

Double click on fix.reg and let it add/merge to the registry at the prompt

Reboot the computer

Can you again navigate to that key in the registry and export it again
Give it a different name
Close registry editor

Can you again navigate to the file and select edit>>copy>paste the contents back here


#24 waterburn

Posted 29 March 2008 - 07:36 PM

Hi again,

Here it is:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

By the way, I caught you posting again!

*How do I attach? The toolbar for attaching isn't there anymore.

Thanks!

Waterburn

#25 guestolo

Posted 29 March 2008 - 07:44 PM

P.S How was Earth hour?

It's just after 7:00 pm here, don't start till another hour :)

Can you go into services.msc and see if the following service is started
Remote Procedure Call (RPC)

Or can you start it?
If not, can you right click on it and select PROPERTIES>>Log on tab
what is selected there
Is it ENABLED?

EDIT>> To attach, in a reply look for the UPLOAD button on the bottom right of the screen
Browse to a file and select it then choose Upload

Edited by guestolo, 29 March 2008 - 07:45 PM.


#26 waterburn

Posted 29 March 2008 - 07:48 PM

Hi,

I can't start RPC from services.msc and the properties button doesn't work! I press it, no reaction.

It's good to post back and forth like this!

Thanks!

Waterburn

#27 guestolo

Posted 29 March 2008 - 08:37 PM

What happens if you go to START>>RUN>>type in
cmd

At the prompt type

net start RpcSs

Hit Enter


#28 waterburn

Posted 29 March 2008 - 09:09 PM

Hi,

A message with the following message appears:
System Error 2 has occurred. The system cannot find the file specified.

Waterburn

#29 guestolo

Posted 29 March 2008 - 09:32 PM

Take a look at the following link and see if it's any help
http://support.micro...38428#appliesto

Before doing the instructions
Export the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROOT\LEGACY_RPCSS


#30 waterburn

Posted 30 March 2008 - 06:19 AM

Hi,

I didn't go to the site yet, but I found out there are no actual keys in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROOT. There are some folders each with one Reg_Sz key but the key has no data. That means
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROOT\LEGACY_RPCSS doesn't exist either.

Thanks

Waterburn

#31 guestolo

Posted 30 March 2008 - 10:32 AM

Can you navigate back to this key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Highlight it, on the right hand side
Look for Image path
What is the Exact path to the executable, word for word


#32 waterburn

Posted 30 March 2008 - 11:21 AM

Hi,

The exact path to the executable is: %SystemRoot%\system32\svchost -k rpcss

Waterburn

#33 guestolo

Posted 30 March 2008 - 11:43 AM

Download and save to desktop
FileInfo.zip

Extract the contents so you have FileInfo.vbs on desktop

Double click on FileInfo.vbs to run it
In the first box type an asterisk (Shift + 8 keys)>>> *
Then hit OK

Next box, copy and paste the file below

svchost

Hit OK
When the results text file opens, copy>paste back here the whole contents


#34 waterburn

Posted 30 March 2008 - 11:56 AM

Hi,

For some reason when I double click it or press open nothing happens. If I try opening in command prompt, a black box flashes quickly with nothing in it.

Waterburn

P.S If you don't mind I really need this computer fixed today, it's getting annoying that I can't do things.

#35 waterburn

Posted 30 March 2008 - 12:00 PM

I have an idea, maybe you should export your HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs key and then I will import it.

#36 guestolo

Posted 30 March 2008 - 12:10 PM

We can try that, but I believe your key is identical to mine now
Try it anyways
fix2.txt is uploaded, save it to desktop
rename to fix2.reg

Import>>Reboot>>

Try net start rpcss again

Did you extract fileinfo?

Can you right click on it and select Open

I seemed to be having trouble with downloading that file
Unless I right click on it with firefox only
Save as fix.txt

Here's what the contents of the file should look like

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


Edited by guestolo, 30 March 2008 - 12:29 PM.
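
Added example, not part of the original posts and not the helper's fix file: the hex(2) values in these exports are REG_EXPAND_SZ strings stored as UTF-16LE, so a short Python parser can decode them and compare an export against a reference. The function names are this example's own; the hex values are copied from the export in post #24 and the fix contents in post #36, and only ImagePath, Start and ServiceDll are included.

```python
import re
# Hex values copied from this thread: post #24 export (EXPORT), post #36 fix (FIX).
EXPORT = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
'''
FIX = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
'''

def decode(raw):
    """Decode one .reg value: hex(1)/hex(2) as UTF-16LE text, dword as int."""
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", raw, re.I)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) in ("1", "2"):           # REG_SZ / REG_EXPAND_SZ
            return data.decode("utf-16-le").rstrip("\x00")
        return data                            # other types stay raw bytes
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw.strip('"').replace("\\\\", "\\")

def parse_reg(text):
    """Return {(key, value_name): decoded value} for a version 5.00 export."""
    text = re.sub(r"\\\r?\n\s*", "", text)     # join '\'-continued hex lines
    out, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]*)"=(.*)$', line)):
            out[(key, m.group(1))] = decode(m.group(2))
    return out

def drift(a, b):
    """Values present in both exports that differ: (a, b, case_only_difference)."""
    return {k: (a[k], b[k], str(a[k]).lower() == str(b[k]).lower())
            for k in a.keys() & b.keys() if a[k] != b[k]}

if __name__ == "__main__":
    print(parse_reg(EXPORT), drift(parse_reg(EXPORT), parse_reg(FIX)), sep="\n")
```

Run on these values, ImagePath decodes to `%SystemRoot%\system32\svchost -k rpcss`, and the two ServiceDll values differ only in the case of `System32`, which Windows path lookups ignore.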


#37 guestolo

Posted 30 March 2008 - 12:19 PM

Can you also scan a file for me

C:\Program Files\NetMeeting\mstinit.exe

That file, post the results or give me the link

http://www.virustota...h/index_en.html


#38 waterburn

Posted 30 March 2008 - 01:03 PM

Hi,

I am just wondering: Why do you need to scan that file? But anyway for some reason my computer doesn't have that file.

Waterburn

#39 guestolo

Posted 30 March 2008 - 01:10 PM

I don't want you to browse to that file
If possible, copy>paste the path to the file at virustotal

C:\Program Files\NetMeeting\mstinit.exe


#40 waterburn

Posted 30 March 2008 - 01:11 PM

how?