Numerous problems, no identifiable cause

Okay, so, this is really weird, even by my standards (and I've found some rather odd errors before.) Last night my computer was fine when I shut down. I didn't install anything yesterday, or really for the last week or more, that I can think of. Yet, this morning, when I booted up, all kinds of things are wrong. Here's a list of what I've been able to find:

* When I boot up, there are two errors: RPC server unavailable, and an error telling me I do not have permission to change catalyst control center settings.

* The Start Bar is moved lower down the screen. I have it set to auto-hide by default, and this is like when it's minimized, but it won't pull up. Turning off auto-hide shows the top bit of the start bar (just enough to reveal a few pixels of green so I can click it), but if I try to resize or move the start bar, it moves lower so I can't reach it and need to toggle auto-hide again.

* I am unable to copy and paste files, or drag them from one folder to another. I can open most files (though double-clicking them doesn't work, I have to right-click and open them.) I can edit and save them, and save new copies in new places, though.

* Most of the windows processes are missing. On a normal day my computer has around 50 processes running (from update schedulers to window's processes to browsers and AIM) Currently there are around 27, and safe mode has 9.

* In the Task Manager, the "users" tab is blank, and the "user name" column under processes is blank except for the System Idle Process entry.

* My "Network Connections" Control Panel is blank/empty/missing.

* Sound appears to not work. Errors are only beeps from the motherboard, and attempting to play MP3s yields an unresponsive copy of Winamp.

* Services.msc is corrupt, or something. The "Extended" tab only shows a blue box in the upper left corner about 200 pixels square or thereabouts, and the rest is blank. The "Standard" tab is as normal, showing the processes that are started and the ones that aren't. Trying to start one yields an error saying the dependency tree cannot be started.

* My Event Viewer has numerous entries under system and applications. Applications have (for the last month) a LOT of "MSI Installer" warnings, something like 20 a day over the course of a few minutes. I don't know of anything that would be trying to install like that. Under the System category, there are Errors from ati2mtag saying "CRT invalid display type" that have been going on since I got the computer and installed the display drivers. There are also disk and fdisk warnings, that I believe are pointing at one of my CD/DVD drives. They've been going on for months as well.

* Related to the last point, in the event viewer, I can't view the properties for any entry. I right click and click properties, and nothing happens.

* I rebooted into safe mode in both my User account and the Admin account, and both of them have the same start bar issue, except in classic view mode I can't get the edge of the button to click the start menu with.



I can't do much in the way of the cleaning suggested by this forum due to the aforementioned inability to copy files, meaning it's hard to transfer files from my USB flash drive to my harddrive. In the process of my trying, here are the results.

CCleaner has run successfully and removed a large number of files.

I can't uninstall the Java entries, due to an error that says the Windows Installer Process can't be accessed. For this same reason, I can't install SUPERantispyware.

I can't run Combofix because I can't move it to my desktop. For this same reason I can't move MGTools to C:\.

Prior to looking up this site, I had run Ad-Aware, Spybot (an un-updated version) and Symantec Antivirus, none came up with anything more than cookies.

On my Desktop, due to the college LAN requirements, I can't connect to the Internet without running Cisco Clean Access Agent, which errors looking for the RPC Server on startup. For this reason I can't update anything.


So... Any ideas? I can't think of any more information to provide offhand, and will gladly provide anything else I can.

 

Hi Nighthand,
Welcome to the Malware Forum!

Did you try going back to an earlier restore point just prior to when this happened? To do this go to Start / All Programs / Accessories / System Tools / System Restore
check the box to Restore my computer to an earlier time and click on Next. You'll see a calander with highlighted dates. Choose one of the dates prior to the start of the problems and allow it to return the computer to this earlier state. See if this does anything useful. If not, you can still reverse this.

abri

 

I get an error: "System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again."

 

I know that the RPC Server process is one of the processes that isn't running, but I can find no way to turn it on.

I'd bring it to the IT guys of the college except for two things: First, it's now spring break and no one will be there for at least a week, and second, they are rarely (in my experience) actually helpful, and instead generally insist upon a reformat/reinstall, and I'd like to fix it without reformatting if possible.

Thank you for moving the thread to it's proper place, though.

 

While it will be good to see what startup type it is on, both XP and Vista deny user interaction of any kind from services.msc, which means if the startup type must be changed, it will need to be done via the registry, and not the services console.

 

Well, home now, and trying some things to fix it. As you said, I can't start RPC in the services.msc window. It is, however, set to automatic startup. Why it doesn't, along with the other automatic-startup services that don't, I don't know. I'm far from familiar with the registry, so I don't know where or how to find a setting that would start it up. I did try the black viper fix someone suggested here (which has since been removed?) but there was no change.

 

Also, make sure that WMI (Windows Management Instrumentation) is Started and set to Automatic.

If that doesn't help try the steps below.

Steve

 

WMI is Automatic, but not started. Attempting to start it comes up with "Error 1068: The dependency service or group failed to start."

Event log is already automatic and started.

The User Accounts Control Panel is a blank white field with a back button, forward button, and home button, none of which do anything.

Using Run->CMD, stopping the process doesn't work since it's not running, and starting it doesn't work due to the same error from services.msc. Deleting the Repository folder and restarting has no effect.

 

Hi,

From last fri, I am also encountered the same problems as narrated by user - Nighthand in her 1st post .. The problem match is exactly the same -
- Blank device manager
- Network Connections empty
- No network connection
- No user information in task manager
- .....

Any solutions?? .. any help is highly appreciated ..

Thanks

 

I see a steady stream of college issued pcs.

A suprising number are still under college warranty, even after actually leaving college!

Ask them first is good advice.

 

Unfortunately .. It is my personal laptop and not a college issued one .... hence trying to get some help trying to make my laptop functional again

Any help is highly appreciated

Thanks

 

Type these commands from the Start > Run dialog pressing OK after each one.

regsvr32 jscript.dll
regsvr32 nusrmgr.cpl
regsvr32 /i mshtml.dll

Steve

 

Copy the keys from the registry at

HKLM/Software/Microsoft/RPC

To a text file in notepad and post it here.

 

Tried your command .. but no luck

However after executing every cmd .. I get an alert msg stating the command succeeded .. but problem still remains

 

If they succeeded that's good. Thought it might solve it.

You might try a restart.

Steve

 

Hi Studiot,

Attachment contains keys information from the registry at
HKLM/Software/Microsoft/RPC

Let me know .. if you need any other details

Thanks

 

Hi Matacumbie,

I did restart my machine after executing all the commands that you list ... but still no luck

 

Do you have a program named USB Toolbox installed? If so, uninstall it and restart.

Steve

 

I dont have any program named USB Toolbox installed ... checked Add/Remove programs from control console

Interesting thing is .. the search feature on my machine is also not working

 

I am not convinced that your registry is OK.

In particular I can't make all that hex in the DCOM key to stack up.

So try replacing it with the DCOM data in the attached .txt file.

I also don't see the need for the doubled up slashes in the Nameservice key
so I have added 'ordinary' entries here to the attachment.

The other keys under RPC are normal.

Don't forget to save the original data first.

 

Hi Studiot,

I checked in the view (without exporting the keys) and it showed the same values as u indicate in your attached file ... But with one difference ..

In all folders, enclosed below .. the 1st entry (value 0) is

Name: (Default)
Type: REG_SZ
Data: (value not set)

Folders Info -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\NameService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\NetBios
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService


In your file .. you have the value 0 as

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\NameService
Class Name: <NO CLASS>
Last Write Time: 8/10/2004 - 1:58 PM
Value 0
Name: DefaultSyntax
Type: REG_SZ
Data: 3

Is that the cause of the problem ???

Thanks

 

Hi I wanted to post to this thread in the hopes my info can help you out. I had this exact same problem recently and I noticed that my services in the registry were modified to include dependencies. Such as...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation]

had a new Dependency entry (Depend On Service XXXXX)

The RPCSS service entry and Lanmanserver also had this dependency as well as a TON of others.

I would HIGHLY recommend you look at all of your failed services in the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

registry and examine if they have any bogus dependencies listed and remove them.

Once I removed the dependency on those services (that I knew didn't have dependencies... check the web if you are unsure) Everything came back and I was able to get going again. All in all it was about 20 services in my case. Maybe a virus... ??

I really hope that helps you out mate!!

 

Thanks for coming back with the info.

Well done for your persistence.

:major

 

Terrafaxx,

I have checked my registry and have FOUR sets of services listed. Is that what I should have ?

I don't see anything that says "Depend On".

And I am a real novice and have no idea what should be running or dependant or not.

Can you help me out Please ???? Tell me more speficially what I should be looking for and changing ?

Thanks a bunch. Tim

 

Hi Tim

to correct the "Blue Box" when you bring up services.msc go to a command prompt and type the following:

regsvr32 jscript.dll
regsvr32 vbscript.dll

also if you have IE6...

regsvr32 /i mshtml.dll


That should allow you to look at your services from the services.msc as well as get you back to system restore