http://mymalaysia.wordpress.com/2006/11/10/hirens-bootcd-86/
hirens boot cd version 8.6
Perfectdisk spyware
OK, OK, I know. Don’t do that on a production machine. But my PC was acting very slow and defrag was taking forever. So I went to the illegal side and downloaded two pieces of software. I ran the NOD32 patch and PerfectDisk. After the reboot, I went to the weird side. The PC allowed internet access but many functions stopped working.
I found out that RPC stopped working.
And yes the next 8 hours were horrible. So this is what I found out.
I first looked at what the service is.
http://www.theeldergeek.com/remote_procedure_call_(rpc).htm
I had forgotten what RPC did, but with SP2 it has become a critical COM service.
http://support.microsoft.com/?kbid=838428 covers an RPC error, but it is for error 1058.
http://answers.yahoo.com/question/index;_ylt=AhjdsnKd1bemgQSzlwHEeisjzKIX?qid=20061019151409AA8mAky
This was interesting in that it was some spyware, but I ran Ewido and I tried Webroot but it would not work. I also ran NOD32; nothing there. This was definitely the wrong answer to what was happening.
http://www.wilderssecurity.com/archive/index.php/t-36480.html
This site did not help with the links at the bottom.
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21313102.html
This was interesting: a reinstall after various looks.
Microsoft Windows XP and Microsoft Windows 2000
Verify the ClientProtocols key exists under the HKEY_Local_Machine\Software\Microsoft\Rpc key and that the ClientProtocols key contains at least the following 5 default values:
• ncacn_http REG_SZ rpcrt4.dll
• ncacn_ip_tcp REG_SZ rpcrt4.dll
• ncacn_nb_tcp REG_SZ rpcrt4.dll
• ncacn_np REG_SZ rpcrt4.dll
• ncacn_ip_udp REG_SZ rpcrt4.dll
I added the entry that was not there but it still did not work.
It has been 8 hrs now doing searches and that’s enough for today.
A fresh look after two days and a day off work.
I decided to reinstall. I got my SP2 CD and I could not remember if I had to repair or not repair. Keep in mind that I do not have an upgrade CD but a full-blown SP2.
Mistake 1: doing a repair. That’s what Microsoft recommends, and Windows went into the loop
“Failed to install product catalog.”
It recommends deleting the catroot files. I first took out my wininternal CD and changed it. It did not work. I read other web pages. I found that by pressing + . I get a command prompt and can run various command prompt programs.
During the Windows XP repair certain services were not working.
http://www.updatexp.com/support-files/cryptographic-service-error.pdf
I checked the dberr.txt and found that the cryptsvc service. I then noticed that the whole thing was because the RPC service problem might still be happening. I looked at the DLL in use for RPC, rpcss.dll. The upgrade showed the actual file. I checked the svchost file. Luckily I typed the search incorrectly. I noticed the svchost file was not correct. So I started to figure out how to copy the file. I read the cryptsvc file again. I redid my search. I found a file named svchost (no extension). I did a full search on svchost. The actual file was there also. So I had two files, svchost and svchosts.exe. Microsoft had set up the RPC service with the incorrect entry in the services, “svchost -k rpcss.dll”, while the cryptology service has it as “svchost.exe -k cryptsvc.dll”.
So I renamed the file svchost to svchost.bad. I rebooted my machine and everything started working.
I finished the re-install. I should have seen this all and avoided the reinstall.
After starting again, my XP2 reinstall continued with more problems. The Windows XP security stuff was all messed up. I noticed my ATI All-in-Wonder Catalyst program was not working. This is the error I saw.
http://support.ati.com/ics/support/default.asp?deptID=894.
There were other items that were not working also. It all relates to a WMI issue. This is how I fixed it.
http://windowsxp.mvps.org/repairwmi.htm to fix WMI. I did the comprehensive rebuild method.
http://support.microsoft.com/kb/818464 to fix the security. This is for Windows 2003 but it also works for Windows XP.
There is svchost spyware, but my reading indicates that this is something new.
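An added example, not part of the original post: a Python check for the condition found above, a service whose command line names `svchost` without the `.exe` extension or from an unexpected directory. It reads text laid out like the output of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath`; the sample data, the `ExampleSvc` service and the `C:\WINDOWS` default are constructed assumptions.

```python
import ntpath

# Constructed sample, laid out like the output of
#   reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost -k rpcss

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc
    ImagePath    REG_EXPAND_SZ    "C:\WINDOWS\svchost.exe" -k example
"""

def executable(image_path):
    """Return the program token of a service command line, quotes stripped."""
    s = image_path.strip()
    if s.startswith('"'):
        return s[1:].split('"', 1)[0]
    return s.split(None, 1)[0] if s else ""

def parse_reg_query(text):
    """Yield (service name, ImagePath data) pairs from reg query output."""
    service = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            service = line.rstrip().rsplit("\\", 1)[-1]
        elif service and line.split(None, 1)[:1] == ["ImagePath"]:
            parts = line.split(None, 2)  # value name, type, data
            if len(parts) == 3:
                yield service, parts[2].strip()

def suspicious_svchost(text, windir=r"C:\WINDOWS"):
    """List services that run an svchost-like program other than the real one."""
    # Assumption: the genuine host is system32\svchost.exe under windir.
    good = {p.lower() for p in (r"%SystemRoot%\system32\svchost.exe",
                                windir + r"\system32\svchost.exe")}
    findings = []
    for service, image in parse_reg_query(text):
        exe = executable(image)
        if ntpath.basename(exe).lower().startswith("svchost") and exe.lower() not in good:
            findings.append((service, exe))
    return findings

if __name__ == "__main__":
    for service, exe in suspicious_svchost(SAMPLE):
        print(f"{service}: unexpected host program {exe}")
```

Unquoted paths that contain spaces are cut at the first space by `executable`, so review those entries by hand.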