We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

# Can't get RPC to start

on
Medium Priority
1,013 Views
I have done a lot to system as described below.  I think the major issue at this point is that RPC won't start, along with a lot of services when I look at msconfig.  That's my assumption, but am not an expert.  Any advise?

I have an IBM T43 laptop -Win XP Pro Version 2002 Service Pack 3

Kids had been using computer and ended up with PCTOOLS Spyware Doctor reporting an issue. As this has been a good tool that I've used for 5 or 6 years, I had it do its thing to fix it. Which it reported it did and notified me that I had to boot machine for it to completely remove issue.
When I went to restart, it reported it couldn't start the shell application and then logged out. I reported issue to PCTOOLS and they were no help and very difficult to get a follow-up with. As I am not a novice, I proceeded to look around the net for people that have had similar issues and thus tried to become the expert. Well you know where that lead me.

Regardless, here's what I had done and where I am now.

I don't have original disk as this was a preloaded laptop that I was allowed to take with me when i left a job with a company in Atlanta. I had made a recovery disk sometime ago, but where it is - heaven knows!

I tried IBM reovery, but don't know the "built-in password. Called SYS Admin, who is still at company I left, and he gave me a couple, but neither worked, thus I had no luck using Recovery Console.

So - I couldn't boot up to look at system, thus made a bootable CD using BartPE. With it I could get in and look around and decided (Right or Wrong) to find a Restore Point for the registry prior to my problem. I found one just a few days older and loaded it. I though I had a good start as I got the system to boot and would display my icons, all but the task bar.
Found explorer.exe missing from System32 folder. It's registry item looked ok. I copied explorer.exe from the servicepackfiles/i386 folder to system32 and got taskbar to come up, however it is grayed out, but "Start" was there and worked fine. Symptom: Programs don't minimize into task bar.

Found several File Types without any association to an application in which it should execute under. Corrected all I could find.

Have a reg clean utility on my computer and ran it. Initially found a bunch of stuff, and now according to it, have a clean registry, though I'm sure that's not the case.

Troubles at this point:
- Most of my programs on the desktop will run, QuickBooks does not.

- Can't get Norton Antivirus to run - Did get Pctools SPyware Doctor to run and it initially found a couple of Spywares and a trojan. Says it repaired and subsequent runs are clean.

- Can't copy and paste files. I can access anything with explorer, but can't copy files. I copied files using cmd prompt.

- Found several exe files missing in System32. I copied new ones in using ServicePackFiles\i386 folder.

- Using MSCONFIG - I notice a lot of services not running

- RPC won't start. If I try to start is manually, I get an Error 3, can't find path.

- My network icons have disappeared - Ethernet & Wireless

- On control panel for User Accounts (Which the icon is there), when I open it, no users are presented. I have four different users on the machine.

Here is my HiJackThis:

Logfile of HijackThis v1.97.7
Scan saved at 11:34:44 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\scott\My Documents\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Spyware Doctor (HKLM)
O9 - Extra button: HP Clipbook (HKLM)
O9 - Extra button: Yahoo! Services (HKLM)
O9 - Extra button: HP Smart Select (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Software Installer (HKLM)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc4.cab

Comment
Watch Question

## View Solutions Only

Commented:
Sounds like a fresh install of XP is what you need. If you didn't want to do that, you could try a Repair install from the XP install CD. But if you did that, you would need to download and install all of the windows updates again. Also since that keeps all of your applications, settings and registry, it may not solve the problems your having.

To make installing from scratch less painful, use DriverMax to export all of your drivers so you can import them later into the new installation. That way you don't have to spend all day looking for drivers.
http://www.innovative-sol.com/drivermax/

Commented:
TCB1  You're probably right and have a local company that can come in and do that.  I would like to see if I can get it running manually, at least limping to get some things I really need, otherwise would lose.

I hope someone has some ideas to move me forward.

thanks

Commented:
Try this:
https://filedb.experts-exchange.com/incoming/ee-stuff/3223-RPCFix.zip
Also, search your computer for "rpcss.dll" and make sure that it's in C:\WINDOWS\system32

Commented:
orangutang,

Thanks for getting in.  rpcss.dll is there with a dat of just over a year ago.

Any other ideas?

Thanks

Commented:

Commented:
What version rpcss.dll do you have?

Commented:
I'll try to check after system boots.  Just executed your 3 registry updates and booted.

Not sure I can verify as I've not been able to open up "properties" on SOME things.

Standby

Commented:
Oh my - Since applying those 3 registry updates, things changed.  I can no longer run msconfig, or regedit, which I could previously.  I tried to go to command prompt, same problem. On all three,  System is reporting that Windows cannot find '(msconfig)(regedit)(cmd)'.  Make sure you typed the name correctly.

rpcss.dll - Version 5.1.2600.5512

Commented:
Hmm, I think you either have something wrong with your hard drive or you still have a virus. Can you run Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php) in safe mode? Or can you send us your AutoRuns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) or your HijackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) log?

Commented:
Virus isprobably still there.  Norton won't run in the state I had it.  PCtools Spyware doctore will run, and last time was clean, though did report Trogan.Agent.OCP at one point.

My Hijack this that I ran last night is posted above.  Once I get the system back up where I can access, I'll down load those utilities and run them.

Thanks for hanging in.

Commented:

Commented:
I had an error, but don't recall the specifics.  I chased it a bit to no avail.  Still trying to get machine back up to the point I had it.  I found explorer.exe missing again in windows.  I'll copy the other files I had previously found missing to see if I can get it back to the state I was in.  If that doesn't work, I'll force backing up registry with old restore point.

Commented:
Not making good progress.  Sunday, I found a command line to take an RRU file and update registry.

%systemroot%. . . . . . . . . . .

I did it, and didn't write down how I did it.  Found it on a forum somewhere.  That got me back to where I could get into the system and do alot of things.  Now I'm drawing a blank and zip on my searches.  I'll get this back and run your utilities.

Do you think this is a fruitless effort?

Scott
Commented:
You have a very weird problem. I've never seen a bunch of system files constantly being deleted. I'm guessing it's a virus but the virus would probably replace the system files with more viruses. Can you start in safe mode?

Not the solution you were looking for? Getting a personalized solution is easy.

Commented:
No - Haven't been able to get into safe mode, except when I had system up by plagiarizing it.

Will let you know when I get iit back up.  2AM here.  May have to continue tomorrow.  But just did a couple of things to no avail.  Am going to try a couple of more.

Thanks for your help and hope you can try a bit further with me.
Thanks - Scott
##### Thanks for using Experts Exchange.

• View three pieces of content (articles, solutions, posts, and videos)
• Ask the experts questions (counted toward content limit)
• Customize your dashboard and profile