Remote process control stopped

R

ranger_cole

Guest
I am having major xp pro sp1 troubles. My pc reboots after getting to the desktop. This is a dual boot system with the other os win 98se. Win 98se does not reboot by itself. This started after installing a free screensaver from www.freeze.com. Free Living aquarium Screen Saver was the name of it. After installing and rebooting I got a message that mxtask had changed (agnitum firewall reported this). This was the first clue. Then I noticed my APC ups software was not being loaded at startup, my external HD, connected via usb disappeared (The external HD shows up fine in win 98se). Then the pc started rebooting when xp loaded. I tried to run system restore but it reboots before it can get started. I tired uninstalling the freeze screen saver but it could not open the install log?. I was able to uninstall freeze screensaver via mcafee uninstaller. I then went into msconfig and tried to do a selective startup. This did not fix the problem. I found out that nearly all services were disabled. I did not disable them. I tired to see if all this was virus related by running avast virus scanner but it says it could not run due to an error in RPC. Also before the rebooting started I had to install a new DVD derive and a usb 2.0 hub. I thought maybe this hardware was causing the problem (work fine in win98se) so I started removing usb devices 1 at a time and started adding them back 1 at a time. All this did was cause win xp pro to need to be reactivated because of major hardware changes. I also thought that the services.exe might be corrupted and tried this
Start > Run sfc /scannow but as it progressed it said to load the xp pro cd because it needed files from the cd. When I loaded the cd and knew it was loaded( cd open with splash screen/ could be opened from my computer) sfc /scannow kept asking for me to insert the cd( it was inserted) but I got the insert cd message over and over so I just quit. UPDATE:
I ran msconfig and set xp to run diagnostic startup and pc quit rebooting. Still cannot get RPC to run and that means usb devices not found, cannot surf internet, etc. I cannot do a system restore past 11/18/03. Problem started 11/14/03. I ran symantec msblaster virus removal tool and did not find it. I searched the registry for the various variations of the msblater and they were not found. I am going to try stinger virus removal from mcafee 11/19/03. Attached is screenshoot of my pc's services that are not running.
So I am now stuck with a win xp pro pc that will reboot after a few minutes. Luckily win 98se still works
 
This sounds similar to the problem I have had being infected with some kinda worm. Can't remember how it was called but it infected my RPC and was always shutting down my OS also. Antivirus software and firewall programs were terminated right after opening them.

What I did might not be a solution for you as I did a full reinstallation of the OS and installed all xp patches avaiable.
 
update:
I went into Start / Control Panel / System / Advanced / StartUp and Recovery / Settings. Then under "System Failure" uncheck "Automatically restart". I did not get any bluescreens. I ran adaware and sypbot and they found nothing. I also ran mcafee stinger 1.9 from a disk and it did not find anything.
I also removed avast anti virus program and from the registry. I cannot do a system restore as it is showing no dates to restore to. Yes it is on and has been on for over a month. I cannot boot into safe mode because there is no boot tab in msconfig. Hitting F8 at startup only brings up boot devices. Remote process control is still not running when you check under services in msconfig. I rebooted several times but I still cannot connect to internet, apc ups sotware will not load, etc. I also ran hijack this program and included is the log file from my pc:
StartupList report, 11/19/2003, 3:20:07 PM
StartupList version: 1.52
Started from : F:\unzipped\hijackthis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\explorer.exe
F:\unzipped\hijackthis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = F:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfig = F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

--------------------------------------------------

Shell & screensaver key from F:\WINDOWS\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=
drivers=

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=F:\WINDOWS\System32\ssbezier.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - F:\Program Files\Popup Manager\PopupMgr_1.0.1.5.dll - {08E74C67-99A6-45C7-94DA-A397A8FD8082}
(no name) - F:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll - {206E52E0-D52E-11D4-AD54-0000E86C26F6}
(no name) - F:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - F:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80}

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[{0E5F0222-96B9-11D3-8997-00104BD12D94}]
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[{4226E9B7-D637-40E8-893A-13298AB41477}]
CODEBASE = http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

[CustomerCtrl Class]
InProcServer32 = F:\WINDOWS\Downloaded Program Files\customerclient.dll
CODEBASE = http://cs5b.instantservice.com/jars/customerxsigned35.cab

[{9732FB42-C321-11D1-836F-00A0C993F125}]
CODEBASE = http://www.pcpitstop.com/mhLbl.cab

[Update Class]
InProcServer32 = F:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37871.7142013889

[Shockwave Flash Object]
InProcServer32 = F:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: F:\WINDOWS\system32\SHELL32.dll
CDBurn: F:\WINDOWS\system32\SHELL32.dll
WebCheck: F:\WINDOWS\System32\webcheck.dll
SysTray: F:\WINDOWS\System32\stobject.dll


Remote process control is still not running.
 
do a search for RPC error on the forums m8, lots of answers, no need for another thread on this :)
 
I tried searching again, as I had before your reply, and did not see anything new that I have not tried to fix my problem. Any new ideas other than reformat would be great.
 
Well I tried a repair install and that failed. I tried a del/format hard drive to reinstall xp and that failed due to HD error. I have found out this maxtor 40 Gb HD is bad and am send it back for a replacement. Thanks for your suggestions.
 
ok then do a google on the msblast worm mate, that will take you on the right path.
 
I see no indication from the HJT log that you are infected with MSBlast. Run the removal tool found here to verify.

The only odd thing is the two instances of explorer F:\WINDOWS\explorer.exe F:\WINDOWS\Explorer.EXE

While it does appear a problem with RPC is the cause i feel perhaps people are pointing you to a worm infection due to the fact thats the most recognised issue with RPC at this time.

If you check the event log it should contain some events that may indicate a different cause.
 

Members online

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back