1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

RPC server is unavailable

Discussion in 'Windows XP' started by cbmomoney40, Dec 23, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. cbmomoney40

    cbmomoney40 Thread Starter

    Joined:
    Dec 20, 2009
    Messages:
    15
    I cannot access the RPC server. After I log on, I get the error message of

    "System Error &H800706BA (-2147023174). The RPC server is unavailable."

    Whenever I run services.msc and try to start it from there, I get the message:

    "Could not start the Remote Procedure Call RPC service on Local Computer.
    Error 5. Access is Denied."

    I tried to download AVG antivirus, but it won't install without access to the RPC server.
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    Try booting in Safe Mode with Networking.

    Please click here to download and install version 2.0.2 of the HijackThis Installer.

    Run it and select Do a system scan and save a logfile.

    The log will be saved in Notepad. Copy and paste the log in your next post.

    Do not fix anything

    Make sure to run the program in Normal Mode.
     
  3. cbmomoney40

    cbmomoney40 Thread Starter

    Joined:
    Dec 20, 2009
    Messages:
    15
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:41:49 PM, on 12/23/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DesktopAuthority\DaMaint.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\DesktopAuthority\rmgui.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
    C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
    C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMu0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMu0.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMu0.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Desktop Authority GUI] "C:\Program Files\DesktopAuthority\rmgui.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
    O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; eMusic DLM/4)" -"http://spongebob.nick.com/games/play/sb_boatingschool/"
    O4 - HKUS\S-1-5-21-1981001023-3091673561-677485609-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-1981001023-3091673561-677485609-1008\..\Run: [Google Update] "C:\Documents and Settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
    O4 - HKUS\S-1-5-21-1981001023-3091673561-677485609-1008\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
    O4 - HKUS\S-1-5-21-1981001023-3091673561-677485609-1008\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-21-1981001023-3091673561-677485609-1008\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (User '?')
    O4 - HKUS\S-1-5-21-1981001023-3091673561-677485609-1008\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; eMusic DLM/4)" -"http://spongebob.nick.com/games/play/sb_boatingschool/" (User '?')
    O4 - Global Startup: 20-20 Shortcut Bar.lnk = C:\2020V8\Mswin\60\SCBar.Exe
    O4 - Global Startup: Disable Address Bar Searching.bat
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O20 - AppInit_DLLs: DAinit.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Desktop Authority Maintenance Service (DAMaint) - ScriptLogic Corporation - C:\Program Files\DesktopAuthority\DaMaint.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Desktop Authority Service (DesktopAuthority) - ScriptLogic Corporation - C:\Program Files\DesktopAuthority\DesktopAuthority.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Software Corporation - C:\WINDOWS\system32\slClient.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VPRemote Install Bootstrap Service (VPREMOTE) - Symantec Corporation - C:\TEMP\Clt-Inst\vpremote.exe
     
  4. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    Try a Clean Boot.

    You should also get rid of SearchEnhancement. It's an undesirable software - IE search hijacker.
     
  5. cbmomoney40

    cbmomoney40 Thread Starter

    Joined:
    Dec 20, 2009
    Messages:
    15
    What do I do after I do a clean boot?
     
  6. Saga Lout

    Saga Lout

    Joined:
    Sep 15, 2004
    Messages:
    3,791
    See if it makes the problem go away. I think it will help because those curious four line entries under the 04 section concerning Shockwave look rather suspicious to me and a clean boot will prevent them from automatically starting. Try the clean boot and scan with HJTagain then post your log back here.

    If and when you do put some Startup options back in using msconfig, make sure those entries aren't re-ticked.

    I can't resist pointing out that here's yet another HJT log with Symantec mentioned - poor old Peter Norton must wonder whatever happened to his previously excellent programme after he sold it.
     
  7. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    The Shockwave entry is normal. The RunOnce keys are used to launch a service or background process whenever a user, or all users, logs on to the computer. Once the program is successfully launched for the first time, its entry will be removed from the Registry so it does not run again on subsequent logons.

    As for Norton, I must agree. They have lost their initial reputation for good!
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,587
    Once RPC is disabled you can't simply restart it but you should be able to by making a simple change in the registry. Are you at all familiar with the registry? If so, you can give you the instructions. Otherwise, I can prepare a regfix for you to import.
     
  9. cbmomoney40

    cbmomoney40 Thread Starter

    Joined:
    Dec 20, 2009
    Messages:
    15
    I have never done anything to the registry, but I am comfortable with computers. If you post good instructions, I am sure I can figure it out.

    By the way, my computer won't get on the internet anymore, so I am posting this from my laptop.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,587
    First, we'll create a backup of the registry as a safeguard in case you make a mistake.

    Please go to Start - Run and copy and paste the following and then click OK:

    regedit /e c:\registrybackup.reg

    It won't appear to be doing anything and that's normal. Your mouse pointer may turn to an hour glass for a minute.

    When it no longer has the hour glass, check in your C drive to be sure you have a file called registrybackup.reg before continuing. If you do not see that file, please let me know before doing anything else.

    If the registry backup file is there then please proceed.

    Go to Start - Run - type in regedit and click OK. This will open the registry editor.

    I want you to navigate to the following registry key down the left side:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

    In order to do that, click on the + that you see to the left of each branch, as follows (each one will open up the next one):

    +HKEY_LOCAL_MACHINE
    +SYSTEM
    +CurrentControlSet
    +Services

    Now, still on the left side under Services, scroll down until you come to RpcSs (do not click the + beside it). Just click once on RpcSs to highlight it. When you do that, you will see several options appear now in the right-hand side pane. They are listed in alphabetical order, starting with Description, DisplayName, etc.

    Scroll down that list until you come to the one that says Start. Double-click on Start and a box will pop up that says Edit DWORD Value. Just below that you will see Value Name: and below that in a rectangular box it says Start. This indicates you are indeed in the correct place and you can't change these as they are greyed out.

    Now below that, you should see the heading: Value Data: and below that a white rectangular box with a number in it which should also be highlighted in blue (this means your cursor is already positioned there so you will automatically type over it). I don't know what the number you have is for sure but it's likely a 4. The correct value is 2 so if it is 2 then don't make any changes and just report back here please.

    If there's anything other than a 2, change the value to 2. Just type the number 2 without any quotation marks or anything else right over top of the current value.

    Do not change anything on the right side in the box where it says Base.

    Once you've changed the value to 2, click OK and then File and Exit to close the registry editor. Reboot the machine and let us know if the RPC Service has restarted and you have regained functionality.
     
  11. cbmomoney40

    cbmomoney40 Thread Starter

    Joined:
    Dec 20, 2009
    Messages:
    15
    First of all, thanks for the help.

    But, the number was 2 originally. What do I do now?
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,587
    If the value was correct then malware may be blocking it.

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  13. cbmomoney40

    cbmomoney40 Thread Starter

    Joined:
    Dec 20, 2009
    Messages:
    15
    Sadly, I already have Malwarebytes Anti Malware on that computer, but I can't run it because I always get a pop up saying that something is wrong with my vbalgrid or something. Do you know anything about that?
     
  14. Frank4d

    Frank4d Retired Trusted Advisor

    Joined:
    Sep 10, 2006
    Messages:
    9,126
    Hmmm. tough problem. I have read this morning that software by ScriptLogic Corporation (including Desktop Authority) installs its own RPC server which messes with the Windows RPC server (not sure if that is a problem, just noted it). Also from your HJT log I see a Lexmark printer which installs its own RPC server (could also be Dell, since Dell sells Lexmark printers under their name).

    So a couple of questions that might help us figure this out...

    How long have you had the ScriptLogic/Desktop Authority software installed? And how long have you noticed the RPC error in relation to how long the software was installed?

    Do you currently have a Lexmark or Dell printer installed? Or if it is uninstalled, what is the time from when it was installed until you noticed this problem? If you unistalled it, look in TaskManager under Processes to see if 'spoolsv.exe' is running )it is a service related to the printer).
     
  15. cbmomoney40

    cbmomoney40 Thread Starter

    Joined:
    Dec 20, 2009
    Messages:
    15
    Actually, I do have a Lexmark printer and I noticed it stopped working when I lost the RPC server. Is that what happens?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/887927

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice