Author Topic: Computer messed up! (Read 7687 times)

guestolo · « **Reply #20 on:** March 29, 2008, 07:07:43 PM »

I forgot that you were on Windows 2000
Can you do the following

Go to START>>RUN>>type in

regedit

Navigate to the following key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Left click to highlight RpcSs
Then click REGISTRY at the top menu bar
"EXPORT REGISTRY FILE"
Give it a name, eg... waterburn
Then save it

Close registry editor
Can you navigate to where you saved the Export file
Right click on it and choose EDIT

Can you copy>>paste back here the whole contents?
If you can't copy and paste
Can you right click on 'waterburn.reg' and rename it to 'waterburn.txt'
Then upload it in a reply back here

waterburn · « **Reply #21 on:** March 29, 2008, 07:56:52 PM »

Hi,

Here it is:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="æä¾›ç»ˆç»“ç‚¹æ˜ å°„ç¨‹åº (endpoint mapper) ä»¥åŠå…¶å®ƒ RPC æœåŠ¡ã€‚"
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Thanks!!

Waterburn

P.S How was Earth hour?

guestolo · « **Reply #22 on:** March 29, 2008, 08:23:44 PM »

I've uploaded a file called
fix.txt at the bottom of this reply box
Right click the link and choose save link as

Can you save it to your desktop
Then right click on fix.txt and rename it too fix.reg
Allow the change

Double click on fix.reg and let it add/merge to the registry at the prompt

Reboot the computer

Can you again navigate to that key in the registry and export it again
Give it a different name
Close registry editor

Can you again navigate to the file and select edit>>copy>paste the contents back here

waterburn · « **Reply #23 on:** March 29, 2008, 08:36:45 PM »

Hi again,

Here it is:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

By the way, I caught you posting again!

*How do I attach? The toolbar for attaching isn't there anymore.

Thanks!

Waterburn

guestolo · « **Reply #24 on:** March 29, 2008, 08:44:29 PM »

Quote

P.S How was Earth hour?

It's just after 7:00 pm here, don't start till another hour

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Can you go into services.msc and see if the following service is started
Remote Procedure Call (RPC)

Or can you start it?
If not, can you right click on it and select PROPERTIES>>Log on tab
what is selected there
Is it ENABLED?

EDIT>> To attach, in a reply look for the UPLOAD button on the bottom right of the screen
Browse to a file and select it then choose Upload

waterburn · « **Reply #25 on:** March 29, 2008, 08:48:46 PM »

Hi,

I can't start RPC from services.msc and the properties button doesn't work! I press it, no reaction.

Its good to post back and forth like this!

Thanks!

Waterburn

guestolo · « **Reply #26 on:** March 29, 2008, 09:37:49 PM »

What happens if you go to START>>RUN>>type in
cmd

At the prompt type

net start RpcSs

Hit Enter

waterburn · « **Reply #27 on:** March 29, 2008, 10:09:57 PM »

Hi,

A message with the following message appears:
System Error 2 has occured. The system cannot find the file specified.

Waterburn

guestolo · « **Reply #28 on:** March 29, 2008, 10:32:22 PM »

Take a look at the following link and see if it's any help
http://support.microsoft.com/?kbid=838428#appliesto

Before doing the instructions
Export the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROOT\LEGACY_RPCSS

waterburn · « **Reply #29 on:** March 30, 2008, 07:19:32 AM »

Hi,

I didn't go to the site yet, but I found out there are no actual keys in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROOT. There are some folders each with one Reg_Sz key but the key has no data. That means
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROOT\LEGACY_RPCSS doesn't exist either.

Thanks

Waterburn

guestolo · « **Reply #30 on:** March 30, 2008, 11:32:13 AM »

Can you navigate back to this key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Highlight it, on the right hand side
Look for Image path
What is the Exact path to the executable, word for word

waterburn · « **Reply #31 on:** March 30, 2008, 12:21:38 PM »

Hi,

The exact path to the executable is: %SystemRoot%\system32\svchost -k rpcss

Waterburn

guestolo · « **Reply #32 on:** March 30, 2008, 12:43:36 PM »

Download and save to desktop
FileInfo.zip

Extract the contents so you have FileInfo.vbs on desktop

Double click on FileInfo.vbs to run it
In the first box type an asterik (Shift + 8 keys)>>> *
Then hit OK

Next box, copy and paste the file below

svchost

Hit OK
When the results text file opens, copy>paste back here the whole contents

waterburn · « **Reply #33 on:** March 30, 2008, 12:56:44 PM »

Hi,

For some reason when I double click it or press open nothing happens. If I try opening in command prompt, a black box flashes quickly with nothing in it.

Waterburn

P.S If you don't mind I really need this computer fixed today, its getting annoying that I can't do things.

waterburn · « **Reply #34 on:** March 30, 2008, 01:00:14 PM »

I have an idea, maybe you should export your HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs key and then I will import it.

guestolo · « **Reply #35 on:** March 30, 2008, 01:10:12 PM »

We can try that, but I believe your key is identical to mine now
Try it anyways
fix2.txt is uploaded, save it to desktop
rename to fix2.reg

Import>>Reboot>>

Try net start rpcss again

Did you extract fileinfo?

Can you right click on it and select Open

I seemed to be having trouble with downloading that file
Unless I right click on it with firefox only
Save as fix.txt

Here's what the contents of the file should look like

[color=\"#0000FF\"]Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[/color]

guestolo · « **Reply #36 on:** March 30, 2008, 01:19:44 PM »

Can you also scan a file for me

C:\Program Files\NetMeeting\mstinit.exe

That file, post the results or give me the link

http://www.virustotal.com/flash/index_en.html

waterburn · « **Reply #37 on:** March 30, 2008, 02:03:09 PM »

Hi,

I am just wondering: Why do you need to scan that file? But anyway for some reason my computer doesnt have that file.

Waterburn

guestolo · « **Reply #38 on:** March 30, 2008, 02:10:26 PM »

I don't want you to browse to that file
If possible, copy>paste the path to the file at virustotal

C:\Program Files\NetMeeting\mstinit.exe

waterburn · « **Reply #39 on:** March 30, 2008, 02:11:13 PM »

News:

Author Topic: Computer messed up! (Read 7687 times)